Thread modeling and attack surface validation

Posted on Actualizado enn

Most important sdl security goals: CIA Confidentiality – Integrity – Availability

TModeling

1.-Understand the potential security threats to the system

2.-Determine risk

3.-Establish appropriate mitigations

The correct way of doing threat modeling requires getting into the mind of the hacker, queality assurance professionals can do security testing and can typically discover some vulnerabilities usually have the customers’thought in mind rather thant those of the hacker.

Result of modeling has to be metrics to take decisions

Attack suface should be fully tested by exercising all the code paths in an application that are part of the attack surface. The elements of the attack surface can be identified with the use of scanning tools, such as port scanning tools for open ports, and code analysis tools to locate the portions of the code that receive input and send output, custom tools to locate entry points specific to a custome application, the minimum attack surface is typically defined early in the software development lifecyle and measured agin through the later phases.

Anuncios

Responder

Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de WordPress.com

Estás comentando usando tu cuenta de WordPress.com. Cerrar sesión / Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión / Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión / Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión / Cambiar )

Conectando a %s