For Application Development & Program Management Professionals (Length: 15 pages)

March 10, 2009

Use Threat Modeling To Develop More-Secure Applications

The Payoff Is High For Avoiding Security Vulnerabilities During Development

by Mike Gualtieri

with Mike Gilpin, Chenxi Wang, Ph.D., Wallis Yu


Executive Summary (This is a document excerpt)

Many application architects and developers don't know enough about developing secure applications. Worse, many of them have a naive notion of application security that lulls them into thinking they have all the security bases covered. This means that security and risk professionals often uncover security vulnerabilities late in the software development life cycle — or, heaven forbid, the vulnerabilities become a feature story on the front page of The Wall Street Journal. The later security holes are detected, the more it costs to plug them. The solution is to avoid security vulnerabilities as early as possible by employing principles of secure design such as threat modeling. Developers and auditors can use code analysis tools such as Coverity Prevent, Fortify 360, and Ounce Labs' Ounce to uncover familiar vulnerabilities such as buffer overflows and SQL injection. But these tools are only part of the solution; developers should also do threat modeling on new and existing applications. Microsoft's SDL Threat Modeling Tool is a unique new tool that helps developers identify and mitigate security risks to make applications more secure from the get-go.

TABLE OF CONTENTS

You Must Develop More-Secure Applications

Threat Modeling Is Essential To Making Applications Secure

Speed Threat Modeling With A Tool-Enabled, Four-Step Process

RECOMMENDATIONS

Model Threats To Develop More-Secure Applications

WHAT IT MEANS

More Threat Modeling Tools Will Help Developers Take The Lead

NOTES & RESOURCES

Forrester interviewed Cigital, Coverity, Microsoft, Scorpion Software, and other experts in application development security.

Related Research Documents

Inquiry Spotlight: Application Security, Q4 2008

October 17, 2008

Managing Application Security From Beginning To End

August 14, 2007

Analyst: Mike Gualtieri
Technology: Application Security, Security & Risk, Security Operations
Geography: Asia Pacific, Europe, North America
