A weakness in some aspect or feature of a system that makes a threat possible. A potential occurrence, malicious or otherwise, that might damage or compromise your assets. A resource of value, such as the data in a database or on the file system.

With a random, “shotgun” approach to security, how do you know when your application is “secure enough,” and how do you know the areas where your application is still vulnerable? In short, until you know your threats, you cannot secure your system.

Threat modeling is a structured approach that is far more cost-efficient and effective than applying security features in a haphazard manner without knowing precisely what threats each feature is supposed to address. By identifying and rating threats based on a solid understanding of the architecture and implementation of your application, you can address threats with appropriate countermeasures in a logical order, starting with the threats that present the greatest risk. Threat modeling allows you to systematically identify and rate the threats that are most likely to affect your system.

Application threat modeling should be considered separate from risk assessment: although the two are similar, application threat modeling is more of a calculated approach.