Chapter 8. Threat Assessments and Understanding Attacks

You can’t defend yourself effectively against adversaries that you can’t see and that you don’t understand. You need to understand the threats to your organization, your systems, and your customers’ data, and be prepared to deal with these threats (see “Threat Assessment”).

You need up-to-date, accurate threat information to aid in this understanding and to:

  • Inform your security monitoring systems so that you know what to look for, and arm your runtime defenses so that you can protect your organization and systems from attacks.

  • Prioritize patching and other remediation work.

  • Drive operational risk assessments so that you can understand how well prepared (or unprepared) your organization is to face attacks.

  • Help write security stories by modeling threat actors as anti-personas.

  • Define test scenarios so that you can attack your own systems using tools like Gauntlt and find security weaknesses before adversaries find them.

  • Guide education and awareness.

  • Assess your design for security risks through threat modeling.

Understanding Threats: Paranoia and Reality

If you read the news or follow security commentators, the world can seem like a fairly terrible place. A steady stream of large-scale system compromises and breaches is featured in the news each week: high-profile organizations falling to a range of attacks and losing control of sensitive information.

It can be easy when reading these accounts to assume that these ...

Get Agile Application Security now with O’Reilly online learning.
