Agile Application Security by Laura Bell, Jim Bird, Rich Smith, Michael Brunton-Spall

Chapter 8. Threat Assessments and Understanding Attacks

You can’t defend yourself effectively against adversaries that you can’t see and that you don’t understand. You need to understand the threats to your organization, your systems, and your customers’ data, and be prepared to deal with these threats (see “Threat Assessment”).

You need up-to-date, accurate threat information to aid in this understanding. Use it to:

  • Inform your security monitoring systems so that you know what to look for, and arm your runtime defenses so that you can protect your organization and systems from attacks.

  • Prioritize patching and other remediation work.

  • Drive operational risk assessments so that you can understand how well prepared (or unprepared) your organization is to face attacks.

  • Help write security stories by modeling threat actors as anti-personas.

  • Define test scenarios so that you can attack your own systems using tools like Gauntlt and find security weaknesses before adversaries find them.

  • Guide education and awareness.

  • Assess your design for security risks through threat modeling.

Understanding Threats: Paranoia and Reality

If you read the news or follow security commentators, the world can seem like a fairly terrible place. A steady stream of large-scale systems compromises and breaches is featured in the news each week: high-profile organizations falling to a range of attacks and losing control of sensitive information.

It can be easy when reading these accounts to assume that these ...
