At a Glance: Web Application Threat Modeling
Retired Content |
---|
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
Threat Modeling Web Applications
J.D. Meier, Alex Mackman, Blaine Wastell
Microsoft Corporation
May 2005
See the "patterns & practices Security Guidance for Applications Index" for links to additional security resources.
Home Page for Threat Modeling Web Applications
Summary: This provides a summary view of the main input, output and steps for creating threat models for Web applications. For detailed step by step instructions, see "How To: Create a Threat Model for a Web Application at Design Time".
Contents
Activity Overview
Activity Summary Table
Activity: Threat Modeling for Web Applications
Purpose: Identify relevant threats and vulnerabilities in your scenario to help shape your application's security design.
Input:
- Key use cases and usage scenarios
- Data flows
- Data schemas
- Deployment diagrams
Output:
- A list of threats
- A list of vulnerabilities
Activity Overview
The five major threat modeling steps are shown in Figure 1. You should progressively refine your threat model by repeatedly performing steps 2 through 5. You will be able to add more detail as you move through your application development life cycle and discover more about your application design.
Figure 1. The iterative threat modeling process
The five threat modeling steps are:
- Step 1: Identify security objectives. Clear objectives help you to focus the threat modeling activity and determine how much effort to spend on subsequent steps.
- Step 2: Create an applicationoverview. Itemizing your application's important characteristics and actors helps you to identify relevant threats during step 4.
- Step 3: Decompose your application. A detailed understanding of the mechanics of your application makes it easier for you to uncover more relevant and more detailed threats.
- Step 4: Identify threats. Use details from steps 2 and 3 to identify threats relevant to your application scenario and context.
- Step 5: Identify vulnerabilities. Review the layers of your application to identify weaknesses related to your threats. Use vulnerability categories to help you to focus on those areas where mistakes are most often made.
Activity Summary Table
Table 1 summarizes the threat modeling activity and shows the input and output for each step.
Table 1: Activity Summary with Input and Output
Input | Step | Output |
---|---|---|
|
Step 1: Identify security objectives |
|
|
Step 2: Create an application overview |
|
|
Step 3: Decompose your application |
|
|
Step 4: Identify threats |
|
|
Step 5: Identify vulnerabilities |
|
Retired Content |
---|
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |