Skip to Content
The .NET Developer's Guide to Windows Security
book

The .NET Developer's Guide to Windows Security

by Keith Brown
September 2004
Intermediate to advanced
408 pages
7h 25m
English
Addison-Wesley Professional
Content preview from The .NET Developer's Guide to Windows Security

Chapter 3. What Is Threat Modeling?

Security is a lot about tradeoffs. Rarely can you apply a security countermeasure to a system and not trade off convenience, privacy, or something else that users of that system hold dear to their hearts. Bruce Schneier talks a lot about these tradeoffs in real-world systems such as airports (Schneier 2000). In computer systems, the same tradeoffs apply. Forcing users to run with least privilege (as opposed to administrators) is a huge hurdle that many organizations cannot seem to get past, for example, simply because it's painful for users. Most software breaks when run without administrative privileges (which is stupid and should be fixed, as I discuss in Item 8).

It stands to reason that when designing secure ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

.NET Framework Security

.NET Framework Security

Brian A. LaMacchia, Sebastian Lange, Matthew Lyons, Rudi Martin, Kevin T. Price
Programming .NET Security

Programming .NET Security

Adam Freeman, Allen Jones
The .NET Developer’s Guide to Directory Services Programming
Security Strategies in Windows Platforms and Applications, 3rd Edition

Publisher Resources

ISBN: 0321228359Purchase book