Software Security

Archive for the 'Threat Modeling' Category

Sirens in the night: Civil defense systems susceptible to legacy vulnerabilities

Increasingly, computer hacking is leaving the traditional network and reaching out into the physical world. So it shouldn’t be too surprising that two recent well-publicized hacks were accomplished using non-traditional ways. One, the sounding of all 100+ civil defense sirens in Dallas, Texas (for 90 minutes during the night) most likely used only sound waves […]

Posted in Security Architecture, Threat Modeling, Vulnerability Assessment

How to benchmark your software security strategies

Evaluating the progress of your software security journey is essential, but it can be a considerable challenge. Tracking operational metrics doesn’t tell you whether you are doing the right things. Analyst reports are often too general to provide tactical direction. And companies hold their security plans so close to the vest that it makes competitive research […]

Posted in Application Security, Maturity Model (BSIMM), Threat Modeling

Internet of Things (IoT): Rethinking the threat model

On February 4, 2017, a Saturday night, a high-school student in the U.K. realized he wasn’t going to university to study computer science, so he wrote a short program in C, and within a few hours had 150,000 internet-connected printers across the world spitting out ASCII art and messages. All this was harmless, although the […]

Posted in Internet of Things, Software Composition Analysis, Software Security Testing, Threat Modeling

3 presentations you don’t want to miss at AppSec California 2017

The Fourth Annual AppSec California Conference kicks off in one week at the Annenberg Beach House in Santa Monica, California. From January 23-25, security professionals, developers, penetration testers, and QA and testing professionals come together to share their knowledge and experiences about secure systems and secure development methodologies. We’re excited to attend the event as Platinum […]

Posted in Application Security, Maturity Model (BSIMM), Mobile Application Security, Security Conference or Event, Software Security Program Development, Threat Modeling

How to scale your threat modeling capability

So, you have one or two, maybe tens, or maybe even hundreds of applications already built and deployed. You want to create threat models for those applications. But, why? Come on, you know why—to identify potential flaws that have been there since the applications were created. And of course you also want to create threat […]

Posted in Software Security Testing, Threat Modeling

Goal-oriented security threat modeling approaches

When it comes to security, the vast majority of firms take measures to discover and remediate implementation-level software defects (i.e., bugs) in code. While this is a great start to securing software and data, it’s just that—a start. Bugs are only half the problem. It’s a necessary practice to look beyond squashing bugs, and into the […]

Posted in Code Review, Software Security Testing, Threat Modeling

Checklist: Take control of your risk management process

The power of threat modeling is that it makes you think about your system’s specific characteristics. It allows you to gain visibility into weaknesses that pose significant impact to your entire organization. This checklist explores four key ways to use threat modeling to avoid sinkholes in your risk management process. Identify threats that exist […]

Posted in Software Security Testing, Threat Modeling

5 things to do before your threat modeling assessment

When preparing for a threat modeling assessment, there are a lot of moving parts to consider within a firm. These assessments often cause concerns throughout the organizational hierarchy. Don’t worry, that’s normal. To steady those nerves, here are five activities to undertake before your next threat model that will set your team and organization up for […]

Posted in Software Security Testing, Threat Modeling

The 5 pillars of a successful threat model

Threat modeling identifies risks and flaws affecting a system. A thorough analysis of the software architecture, business context, and other artifacts (e.g., functional specifications, user documentation) allows practitioners of the threat modeling process to discover important aspects of the system, security-related or not, and synthesize an understanding of the system that may not yet exist within the […]

Posted in Software Development Life Cycle (SDLC), Threat Modeling

Software security initiative capabilities: Getting started

A software security initiative (SSI) often begins with one of three common security capabilities: penetration testing, code review, or some sort of secure design review (e.g., threat modeling). During this year’s OWASP AppSec California, Synopsys’ Jim DelGrosso presented on the benefits and drawbacks of these software security initiative capabilities. Watch as he illustrates how each capability fits into building a […]

Posted in Code Review, Penetration Testing, Security Conference or Event, Software Security Program Development, Threat Modeling