Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis by Marco M. Morana, Tony UcedaVelez

CHAPTER 4: THREAT MODELING WITHIN THE SDLC

BUILDING SECURITY IN SDLC WITH THREAT MODELING

“Proactively identifying risks is one of the main benefits of threat modeling. Rather than waiting for something bad to happen and waiting for the risk to be realized, it means taking control of risks and making risk-informed decisions in advance and initiating design changes ahead of a future deployment of the application. But a lot of businesses out there don't see the return on investment, they look at it as a liability, and until they can understand that proactive security actually returns, gives them a return on investment, it's still a hard sell for people.”

Kevin Mitnick

Applications and software are complementary; software is what applications are made of. Applications are engineered by following a Software Development Life Cycle (SDLC) process that encompasses different phases such as software functional requirements, software design, coding, building the software into an executable, integration with other software libraries, and functional and quality testing.

Rationale for Building Security in the SDLC

Historically, security in software has mostly been treated as a requirement to be validated with functional testing, which usually takes place during the last phase of the SDLC. Any security issues identified at that stage, such as common vulnerabilities, require implementing a fix for the issue, testing and release of either a patch ...
