Recommended: a new engineering technique, [Threat modeling], and the related article series "Threat modeling Web Applications"

Source: Internet
Author: User

In the past, when we built web applications, especially projects to be deployed on the Internet, we had to consider security issues to some degree and analyze possible vulnerabilities to determine how to prevent attacks effectively. However, few companies or individuals treat such activities as part of project modeling. Usually a group of people come up with an imperfect defense solution through discussion and analysis. Worse, many applications wait until deployment to fix the relevant vulnerabilities, which exhausts the developers and hurts the "talent".

How can we notice as many system vulnerabilities as possible in the design and analysis phase, before application development begins? A relatively complete modeling system needs to be established. Yesterday (), MSDN launched a series of articles, "Threat modeling Web Applications". This guide provides the patterns & practices method to create a threat model for Web applications. It describes [Threat modeling], [Threat modeling], the five main steps of [Threat modeling], and related concepts and resources.

Of course, even then it is still impossible to completely avoid attacks on an application. However, by studying these technical documents, we can better identify security objectives, identify related threats, and determine the relevant vulnerabilities and countermeasures. This helps make the application design meet your security goals, reduces the risk of security problems arising during development and operations, and offers many ideas about security modeling for developing safer web application systems more effectively.

The following are the URLs of the sorted resources, for easy reading:
· Threat modeling Web Applications
· Web application threat model Overview
· "How to: create a threat model for Web applications during design"
· "Drill: creating a threat model for Web applications"
· "Template: Web application threat model"
· "Template example: Web application threat model"
· "Memo sheet: Web Application Security Framework"

At the same time, I hope you can talk about how you used to carry out this kind of modeling. Did a group of people come up with a defense scheme through discussion and analysis, or did you remedy problems only after being attacked following deployment? You are welcome to comment.
