Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis by Marco M. Morana, Tony UcedaVelez

CHAPTER 3 EXISTING THREAT MODELING APPROACHES

SECURITY, SOFTWARE, RISK-BASED VARIANTS

“Knowing your own darkness is the best method for dealing with the darkness[es] of other people.”

Carl Gustav Jung, Swiss Psychiatrist

As application threat modeling evolves in both theory and practice, readers of this and any related literature should judiciously apply the methodology and techniques appropriate to the time and resources of their respective enterprises. This chapter addresses three major methodologies in application threat modeling in order to provide objective insight into each one and to denote the strengths and limitations of each. Among the present methodologies and those that may unfold in the future, there is no wrong or right methodology, but simply one that accomplishes varying objectives. Although none of these methodologies is flawed, the manner in which one is selected can be flawed, particularly if the status quo approach to mainstream security is followed, which is simply a process riddled with imitation and “best practice” speak. Candidly, the best practice of this and any other methodology is one that considers the unique variables that ultimately will be charged with deploying, sustaining, and adhering to such methods. As demonstrated in Chapter 1, application threat modeling involves the time, talent, and resources of many groups beyond those in information security. It is a process that naturally fosters ...
