CLIP THIS INQUIRY

Select a group:

Group Name
Create New GroupClip

CLIP THIS FLOW

Select a group:

Group Name
Create New GroupClip

For Application Development & Delivery Professionals

Use Threat Modeling To Develop More-Secure Applications

The Payoff Is High For Avoiding Security Vulnerabilities During Development

March 10, 2009

By Mike Gualtieri with Mike Gilpin, Chenxi Wang, Wallis Yu

  • 600 downloads
  • 0 comments
  • Rating:

Why Read This Report

Many application architects and developers don't know enough about developing secure applications. Worse, many of them have a naive notion of application security that lulls them into thinking they have all the security bases covered. This means that security and risk professionals often uncover security vulnerabilities late in the software development life cycle — or, heaven forbid, the vulnerabilities become a feature story on the front page of The Wall Street Journal. The later security holes are detected, the more it costs to plug them. The solution is to avoid security vulnerabilities as early as possible by employing principles of secure design such as threat modeling. Developers and auditors can use code analysis tools such as Coverity Prevent, Fortify 360, and Ounce Labs' Ounce to uncover familiar vulnerabilities such as buffer overflows and SQL injection. But these tools are only part of the solution; developers should also do threat modeling on new and existing applications. Microsoft's SDL Threat Modeling Tool is a unique new tool that helps developers identify and mitigate security risks to make applications more secure from the get-go.
Tags: Application Security, Incident Response & Investigations, Security Operations, Security, Risk and Compliance, Vulnerability & Threat Management
US $ 2495
Become A Client

Get objective, pragmatic guidance that helps you make tough decisions and succeed in a complex world. Contact us to learn more.

Already A Client?
Log in to read this document.

TABLE OF CONTENTS

  • You Must Develop More-Secure Applications
  • Threat Modeling Is Essential To Making Applications Secure
  • Speed Threat Modeling With A Tool-Enabled, Four-Step Process

  • RECOMMENDATIONS

    Model Threats To Develop More-Secure Applications

  • WHAT IT MEANS

    More Threat Modeling Tools Will Help Developers Take The Lead
  • Related Research Documents
 
Loading...

Browse

About Forrester

Forrester Research, Inc. is an independent research company that provides pragmatic and forward-thinking advice to global leaders in business and technology.

Roles We Serve

Forrester supports leaders in 13 roles across three distinct client segments: Business Technology, Marketing & Strategy, and Technology Industry.

Analysts & Coverage Areas

Aligned to your professional role, Forrester's analysts are experts in the specific technologies, issues, and trends currently impacting your business.

Research
Latest Reports
Playbooks
Charts & Figures
Forrester Waves
Planned Research
Data
Consumer Data
Business Data
Events
Forums
Webinars
Workshops
Tools & Templates
Vendor Selection Aids
Best Practice & Self-Assessments
Models & Calculators
Document Templates

Forrester Leadership Boards

Fresh thinking and collaborative problem-solving through an unmatched combination of peer networking, forward-looking analysis, and professional guidance.

Consulting

Our expert analysts provide custom research-based frameworks to guide you through each phase of your critical business initiatives from identifying opportunity to optimizing results.

Community

Connect with peers and analysts, share your views, and ask questions on key business issues.

Blog

Forrester analysts weigh in on the latest business and technology news.

  • BROWSE
  • Register
  • Call +1 617.613.5730
  • Cart