Use Threat Modeling To Develop More-Secure Applications
The Payoff Is High For Avoiding Security Vulnerabilities During Development
March 10, 2009
Why Read This Report
Many application architects and developers don't know enough about developing secure applications. Worse, many of them have a naive notion of application security that lulls them into thinking they have all the security bases covered. This means that security and risk professionals often uncover security vulnerabilities late in the software development life cycle — or, heaven forbid, the vulnerabilities become a feature story on the front page of The Wall Street Journal. The later security holes are detected, the more it costs to plug them. The solution is to avoid security vulnerabilities as early as possible by employing principles of secure design such as threat modeling. Developers and auditors can use code analysis tools such as Coverity Prevent, Fortify 360, and Ounce Labs' Ounce to uncover familiar vulnerabilities such as buffer overflows and SQL injection. But these tools are only part of the solution; developers should also do threat modeling on new and existing applications. Microsoft's SDL Threat Modeling Tool is a unique new tool that helps developers identify and mitigate security risks to make applications more secure from the get-go.
Table of Contents
- You Must Develop More-Secure Applications
- Threat Modeling Is Essential To Making Applications Secure
- Speed Threat Modeling With A Tool-Enabled, Four-Step Process
- Model Threats To Develop More-Secure Applications
WHAT IT MEANS
- More Threat Modeling Tools Will Help Developers Take The Lead
- Related Research Documents