Monthly Archives: February 2013

Threat Modeling – Finding defects early in the cycle

InfosecInstitute

 

Finding a proven pattern to find defects early in your cycle saves not just money but also the time required to patch those defects. Threat modeling is a tested and proven method to meet this objective. This procedure evaluates the vulnerabilities that can potentially exist in a target under observation. The vulnerabilities may or may not exist, but assuming that they do and then proceeding with the Software development Life Cycle is a pro-active way of securing your applications.

Prioritizing the area that needs more focus in order to reduce the attack surface is the primary aim of this model. This assessment is done as an iterative process which comes in to picture when new modules are added in to the application. The end result of this assessment is the security profile of that particular application under observation.

In this article, I shall explain about a famous security engineering pattern called the STRIDE model. The acronym STRIDE stands for:

  1. Spoofing
  2. Tampering
  3. Repudiation
  4. Information Disclosure
  5. Denial of Service attacks
  6. Elevation of privilege

Read it in full at InfosecInstitute.

Regards

3psil0nlambda

Whats your Identity??

InfosecInstitute

Identity management as a platform is an emerging branch of Information security. Top vendors such as Microsoft, IBM, and Oracle have taken serious plunges into the Identity management arena. In this article, we shall see what it takes to implement an Identity management solution. Information security comprises various individual components that need to go hand in hand. One of the most important components is Identity management. Be it an intrusion prevention system, site advisors, or anti-malware solutions, each has one common requirement, the identity of the user. Identity management comprises various smaller components, such as LDAP authentication, active directory authentication, authentication chain mechanisms, one-time password transactions, Kerberos authentication, and integrated Windows authentication. A successful Identity management solution uses all these flavors seamlessly.

Read the full article at InfosecInstitute Resources.

Cheers

3ps!l0nLaMbDa