I have recently been looking at threat modelling. Have you ever been in a situation where the project manager asks, “Is this solution secure?” More often than not, people are scrambling after the event to plug the holes in the application that might make the ship sink. A more proactive approach would be to model threats and talk about solutions from a defensive point of view – ideally at the functional specification stage.
Using the Microsoft Threat Analysis and Modelling Tool v2.0, you can start to define an application in terms of a richer taxonomy (I’m getting into the lingo).
Specific threats can reveal vulnerabilities that have countermeasures, each of which can have a response:
- None (!)
…and the results, suggested countermeasures, customization and reports that this application produces are excellent and will “spock” most in your development team.
It will take a lot of time to set up, but the benefits could well outweigh any problems down the track.
ACE Blog http://blogs.msdn.com/threatmodeling