Improving Web Application Security: Threats and - CGISecurity
66 Part I: Introduction to Threats and Countermeasures

Generating a Work Item Report

From the initial threat model, you can create a more formalized work item report that can include additional attributes, such as a Bug ID, which can be used to tie the threat in with your favorite bug tracking system. In fact, you may choose to enter the identified threats in your bug tracking system and use its reporting facilities to generate the report. You can also include a status column to indicate whether or not the bug has been fixed. You should make sure the report includes the original threat number to tie it back to the threat model document.

Organize the threats in the report by network, host, and application categories. This makes the report easier to consume for different team members in different roles. Within each category, present the threats in prioritized order, starting with the ones given a high risk rating followed by the threats that present less risk.

Summary

While you can mitigate the risk of an attack, you do not mitigate or eliminate the actual threat. Threats still exist regardless of the security actions you take and the countermeasures you apply. The reality in the security world is that you acknowledge the presence of threats and you manage your risks. Threat modeling can help you manage and communicate security risks across your team.

Treat threat modeling as an iterative process. Your threat model should be a dynamic item that changes over time to cater to new types of threats and attacks as they are discovered.
It should also be capable of adapting to follow the natural evolution of your application as it is enhanced and modified to accommodate changing business requirements.

Additional Resources

For additional related reading, see the following resources:

● For information on attack patterns, see "Attack Modeling for Information Security and Survivability," by Andrew P. Moore, Robert J. Ellison, and Richard C. Linger at http://www.cert.org/archive/pdf/01tn001.pdf
● For information on evaluating threats, assets and vulnerabilities, see "Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework, Version 1.0" on the Carnegie Mellon Software Engineering Institute Web site at http://www.sei.cmu.edu/publications/documents/99.reports/99tr017/99tr017figures.html
● For a walkthrough of threat modeling, see "Architect WebCast: Using Threat Models to Design Secure Solutions" at http://www.microsoft.com/usa/webcasts/ondemand/1617.asp
● For more information on creating DFDs, see Writing Secure Code, Second Edition, by Michael Howard and David C. LeBlanc.
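The report-generation steps described under "Generating a Work Item Report" above (carry the original threat number, add a Bug ID and a status column, group by network/host/application, list high-risk threats first in each group), worked through as an added Python example. This is not code from the book or from the page; the Threat record layout, the High/Medium/Low rating scale and the sample threats are assumptions constructed for the example.

```python
"""Threat-model work item report: group threats by network/host/application
and list them in descending risk order, keeping the original threat number."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Presentation order of the report sections (assumed: network, host, application).
CATEGORY_ORDER = ("Network", "Host", "Application")
# Lower rank sorts first, so high-risk threats lead each section (assumed scale).
RISK_RANK = {"High": 0, "Medium": 1, "Low": 2}


@dataclass(frozen=True)
class Threat:
    threat_id: int                 # number from the threat model document, never renumbered
    category: str                  # Network | Host | Application
    description: str
    risk: str                      # High | Medium | Low
    bug_id: Optional[str] = None   # id in the bug tracker once the threat is filed
    status: str = "Open"           # e.g. Open / Fixed


def validate(threats: List[Threat]) -> None:
    """Reject entries the report could not place or that would break traceability
    back to the threat model (unknown category or rating, duplicate threat number)."""
    seen = set()
    for t in threats:
        if t.category not in CATEGORY_ORDER:
            raise ValueError(f"threat {t.threat_id}: unknown category {t.category!r}")
        if t.risk not in RISK_RANK:
            raise ValueError(f"threat {t.threat_id}: unknown risk rating {t.risk!r}")
        if t.threat_id in seen:
            raise ValueError(f"duplicate threat number {t.threat_id}")
        seen.add(t.threat_id)


def organize(threats: List[Threat]) -> Dict[str, List[Threat]]:
    """Group threats by category, each group sorted by risk (High first), then by threat number."""
    validate(threats)
    sections: Dict[str, List[Threat]] = {c: [] for c in CATEGORY_ORDER}
    for t in threats:
        sections[t.category].append(t)
    for items in sections.values():
        items.sort(key=lambda t: (RISK_RANK[t.risk], t.threat_id))
    return sections


def render_report(threats: List[Threat]) -> str:
    """Plain-text report with one section per category and a status column."""
    out = []
    for category, items in organize(threats).items():
        out.append(f"{category} threats")
        out.append(f"{'Threat#':<8}{'Risk':<8}{'Bug ID':<10}{'Status':<8}Description")
        for t in items:
            out.append(f"{t.threat_id:<8}{t.risk:<8}{t.bug_id or '-':<10}{t.status:<8}{t.description}")
        out.append("")
    return "\n".join(out)


def open_threats(threats: List[Threat]) -> List[Threat]:
    """Threats whose countermeasure has not yet been applied."""
    return [t for t in threats if t.status != "Fixed"]


# Constructed sample threats for a hypothetical web application (not from the page).
SAMPLE_THREATS = [
    Threat(1, "Application", "SQL injection through the product search form", "High", "BUG-1042", "Fixed"),
    Threat(2, "Network", "Eavesdropping on credentials sent over plain HTTP", "High", "BUG-1043"),
    Threat(3, "Host", "Unpatched web server with a known remote code execution flaw", "Medium"),
    Threat(4, "Application", "Verbose error pages disclose stack traces", "Low", "BUG-1050", "Fixed"),
    Threat(5, "Application", "Session token not invalidated on logout", "Medium"),
    Threat(6, "Network", "Internal service ports reachable from the Internet", "Medium"),
]

if __name__ == "__main__":
    print(render_report(SAMPLE_THREATS))
    print(f"{len(open_threats(SAMPLE_THREATS))} threats still open")
```

The threat number is the only field that must never change between iterations of the model; the Bug ID and status are owned by the tracker and can be refreshed each time the report is regenerated, which is what keeps the report and the threat model document tied together as the model evolves.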