DTS Solution
DTS Solution

Seid Yassin presents on Application Threat Modelling at null Dubai

Application Threat Modelling

Advances in web technologies coupled with a changing business environment, mean that web applications are becoming more prevalent in corporate, public and government services today.
Analyzing and modeling the potential threats that an application faces is an important step in the process of designing a secure application. Some of these threats are by nature very specific to the application, and one can only give general guidelines on how to identify such threats. But other threats are directly or indirectly related to the underlying platforms, technologies or programming languages.
Application threat modeling is a structured approach to identifying ways that an adversary might try to attack an application and then designing mitigation to prevent, detect or reduce the impact of those attacks.
Threat Modeling involves identifying assets, identifying potential threats to those assets, categorizing the threats and identifying mitigation strategies in a structured process.

It is essential to build security into the Software Development Life Cycle (SDLC) to prevent reoccurring security problems within an application.

Identifying potential threats against the system modeled is one of the main goals of the Threat Modeling process. By understanding the threats it is possible to determine an application’s vulnerabilities. Microsoft developed the STRIDE model for identifying and classifying threats into categories. STRIDE is an acronym for: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege.

Application Threat Modelling
Advances in web technologies coupled with a changing business environment, mean that web applications are becoming more prevalent in corporate, public and government services today.
Analyzing and modeling the potential threats that an application faces is an important step in the process of designing a secure application. Some of these threats are by nature very specific to the application, and one can only give general guidelines on how to identify such threats. But other threats are directly or indirectly related to the underlying platforms, technologies or programming languages.
Application threat modeling is a structured approach to identifying ways that an adversary might try to attack an application and then designing mitigation to prevent, detect or reduce the impact of those attacks.
Threat Modeling involves identifying assets, identifying potential threats to those assets, categorizing the threats and identifying mitigation strategies in a structured process.
It is essential to build security into the Software Development Life Cycle (SDLC) to prevent reoccurring security problems within an application.

Identifying potential threats against the system modeled is one of the main goals of the Threat Modeling process. By understanding the threats it is possible to determine an application’s vulnerabilities. Microsoft developed the STRIDE model for identifying and classifying threats into categories. STRIDE is an acronym for: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege.

See also:

DTS Solution participates at the HITBSecConf 2018 in Dubai

November 29, 2018

DTS wins “Top SI Award – Security” at the GEC Awards 2018

October 10, 2018

DTS participates at the DigiTec Expo 2018 in Armenia

October 8, 2018

Linkedin X-twitter Facebook Youtube

© Copyrights 2024.
All rights reserved by DTS Solution 
– Cyber Security Redefined

Solutions

Network and Infrastructure Security
Zero Trust and Private Access
Endpoint and Server Protection
Vulnerability and Patch Management
Data Protection
Application Security
Secure Software and DevSecOps
Cloud Security
Identity Access Governance
Governance, Risk and Compliance
Security Intelligence Operations
Incident Response

Industry

Critical Infrastructure
Education
Energy and Utilities
Enterprise and Service Providers
Financial Services and FinTech
Government
Healthcare and BioTech
Legal
Manufacturing
Media and Entertainment
Retail and Ecommerce
Technology and Digital

Services
Cyber Strategy
Cyber Secure
Cyber Operations
Cyber Response
Cyber Resilience
Products

COMPLYAN
FYNSEC
HAWKEYE CSOC WIKI
Firewall Policy Builder

Other

About Us
Awards
Board of Directors
Leadership
Careers
Support
Contact
Vendors
Resources
Press Center
Privacy Policy

Accreditations
ISO27001
ISO45001
CREST
Accreditations
ISO27001
ISO45001
CREST

  Dubai

Office 4, Oasis Center
Sheikh Zayed Road
PO Box 128698
Dubai, UAE

+971 4 3383365
[email protected]
   Abu Dhabi

Office 7, Floor 14
Makeen Tower, Al Mawkib St.
Al Zahiya Area
Abu Dhabi, UAE

+971 2 6573566
[email protected]

   Kuwait

Mezzanine Floor, Tower 3
Mohammad Thunayyan Al-Ghanem Street, Jibla
Kuwait City, Kuwait


+971 4 3383365
[email protected]

   London

160 Kemp House, City Road
London, EC1V 2NX
United Kingdom
Company Number: 10276574

+44 20 3287 3942
[email protected]

The website is our proprietary property and all source code, databases, functionality, software, website designs, audio, video, text, photographs, icons and graphics on the website (collectively, the “Content”) are owned or controlled by us or licensed to us, and are protected by copyright laws and various other intellectual property rights. The content and graphics may not be copied, in part or full, without the express permission of DTS Solution LLC (owner) who reserves all rights.

DTS Solution, DTS-Solution.com, the DTS Solution logo, HAWKEYE, FYNSEC, FRONTAL, HAWKEYE CSOC WIKI and Firewall Policy Builder are registered trademarks of DTS Solution, LLC.