
Microsoft Threat Modeling Tool mitigations

The Threat Modeling Tool is a core element of the Microsoft Security Development Lifecycle (SDL). It allows software architects to identify and mitigate potential security issues early, when they are relatively easy and cost-effective to resolve. As a result, it greatly reduces the total cost of development. Also, we designed the tool with non-security experts in mind, making threat modeling easier for all developers by providing clear guidance on creating and analyzing threat models.

Visit the Threat Modeling Tool to get started today!

Mitigation categories

The Threat Modeling Tool mitigations are categorized according to the Web Application Security Frame, which consists of the following:

| Category | Description |
| --- | --- |
| Auditing and Logging | Who did what and when? Auditing and logging refer to how your application records security-related events. |
| Authentication | Who are you? Authentication is the process where an entity proves the identity of another entity, typically through credentials, such as a user name and password. |
| Authorization | What can you do? Authorization is how your application provides access controls for resources and operations. |
| Communication Security | Who are you talking to? Communication security ensures that all communication is done as securely as possible. |
| Configuration Management | Who does your application run as? Which databases does it connect to? How is your application administered? How are these settings secured? Configuration management refers to how your application handles these operational issues. |
| Cryptography | How are you keeping secrets (confidentiality)? How are you tamper-proofing your data or libraries (integrity)? How are you providing seeds for random values that must be cryptographically strong? Cryptography refers to how your application enforces confidentiality and integrity. |
| Exception Management | When a method call in your application fails, what does your application do? How much do you reveal? Do you return friendly error information to end users? Do you pass valuable exception information back to the caller? Does your application fail gracefully? |
| Input Validation | How do you know that the input your application receives is valid and safe? Input validation refers to how your application filters, scrubs, or rejects input before additional processing. Consider constraining input through entry points and encoding output through exit points. Do you trust data from sources such as databases and file shares? |
| Sensitive Data | How does your application handle sensitive data? Sensitive data refers to how your application handles any data that must be protected either in memory, over the network, or in persistent stores. |
| Session Management | How does your application handle and protect user sessions? A session refers to a series of related interactions between a user and your web application. |
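The Input Validation, Exception Management and Auditing and Logging rows above describe three mitigations that usually meet in the same request handler: constrain input at the entry point, encode output at the exit point, and fail gracefully while the detail goes to the log rather than to the caller. The following added example, written for this page and not part of the Threat Modeling Tool or of Microsoft's documentation, shows all three on a constructed "display name" handler; the allow-list pattern, the `handle_request` function and the greeting markup are illustrative assumptions.

```python
import html
import logging
import re
import uuid

log = logging.getLogger("mitigation_example")

# Entry-point constraint (assumed policy for this example): letters, digits,
# space and a few punctuation characters, 1 to 40 characters. Anything else is
# rejected rather than "cleaned", so the rest of the code only sees known-good data.
DISPLAY_NAME = re.compile(r"^[A-Za-z0-9 _.'-]{1,40}$")


class ValidationError(ValueError):
    """Raised when input fails the entry-point constraint."""


def constrain_display_name(raw) -> str:
    """Input validation at the entry point: allow-list, then reject everything else."""
    if not isinstance(raw, str):
        raise ValidationError("display name must be a string")
    value = raw.strip()
    if not DISPLAY_NAME.fullmatch(value):
        raise ValidationError("display name has disallowed characters or is too long")
    return value


def render_greeting(name: str) -> str:
    """Output encoding at the exit point: the value is about to land in an HTML
    context, so it is HTML-escaped here regardless of how it was validated."""
    return f"<p>Welcome, {html.escape(name, quote=True)}</p>"


def handle_request(raw_name):
    """Returns (status, body). Validation failures get a friendly 400; unexpected
    failures get a generic 500 with a correlation reference, and the full
    exception goes to the audit log instead of to the end user."""
    try:
        name = constrain_display_name(raw_name)
        return 200, render_greeting(name)
    except ValidationError as exc:
        # Logged for auditing; the user sees only that the value was not accepted.
        log.warning("rejected display name: %s", exc)
        return 400, "<p>The display name is not valid.</p>"
    except Exception:
        ref = uuid.uuid4().hex[:8]
        log.exception("unexpected failure, reference %s", ref)
        return 500, f"<p>Something went wrong. Reference {ref}.</p>"


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    for sample in ["Ada Lovelace", "O'Brien", "<script>alert(1)</script>", "x" * 41]:
        print(handle_request(sample))
```

Note that the apostrophe in `O'Brien` passes the allow-list and is still encoded on output: validation and encoding are separate mitigations, and the table's question about trusting data from databases and file shares is answered the same way, by treating stored values as input that must be constrained again when read back.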

This helps you identify:

  • Where the most common mistakes are made
  • Where the most actionable improvements are

As a result, you can use these categories to focus and prioritize your security work: if you know that the most prevalent security issues occur in the input validation, authentication and authorization categories, you can start there. For more information, visit this patent link.

Next steps

Visit Threat Modeling Tool Threats to learn more about the threat categories the tool uses to generate possible design threats.