Site Sponsor:

mcafee_logo.gif
line

Now Available:

Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Dan or post a comment to the blog.

« Tips for Online Banking Security | Main | Basics of Threat Modeling »

Making the Case for Improving Application Security

Giving executives and manager the right information can make the difference between a funded security initiative and another good idea put on the shelf.

One way to convey security issues is with the right kind of reporting. In the case of application development and threat assessment, the Microsoft Threat Analysis and Modeling tool can be a big help.

It provides a wizard driven process for business objectives, application components, use cases, and threats. The attack library is a nice feature. It provides descriptions of common types of attacks, how to test for them and what to do about them. There are visualizations for data flows, trust flows, and attack trees - good ways of generating information rich images to get your case across quickly. There are also reports for different roles, like risk managers, designers, developers and operations staff.

For more details, listen to the Basics of Threat Modeling podcast.

Tags:          
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Dan Sullivan on November 15, 2008 2:24 PM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-websecurity.com/type/mt-tb.cgi/956

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Latest White Papers

line

Blog Roll

line

Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net