1 / 12

Threat Modeling: Security Development Lifecycle

Threat Modeling: Security Development Lifecycle. Tyrell Flurry Jeff Thomas Akhil Oniha. What is Threat Modeling?.

muriel
Download Presentation

Threat Modeling: Security Development Lifecycle

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Threat Modeling:Security Development Lifecycle Tyrell Flurry Jeff Thomas Akhil Oniha

  2. What is Threat Modeling? • An engineering technique used to aid in the identification of assets, vulnerabilities, threats, attacks and countermeasures for a given system or software. Threat modeling helps to: • Identify security objectives. • Identify threats. • Identify vulnerabilities, countermeasures and mitigation strategies

  3. Why Microsoft SDL? • Threat modeling is a complex task that few individuals can properly execute • Software architects are generally more concerned with operation and performance than security • Microsoft SDL transforms threat modeling into an activity that any software architect can perform effectively

  4. How Does Microsoft SDL work? • Microsoft based application must be used on Microsoft OS and requires Microsoft Visio for diagramming system • Step 1: Diagram/whiteboard system • Step 2: Identify Threats (STRIDE approach) • Step 3: Identify Mitigation Strategies • Step 4: Validate system and repeat

  5. Our Approach • Utilize the Microsoft SDL to analyze the threats faced by a fictitious bank’s online banking application. • Whiteboard system Level 0 DFD • Utilize Microsoft SDL to identify threats that face each component/element of the DFD • Establish appropriate mitigation strategies

  6. System Diagram & App. Home Screen

  7. Model Analysis (All Element View)

  8. Model Analysis (Single Element View)

  9. System Environment Description

  10. System Reports

  11. System Reports cont …

  12. Questions ???

More Related