Threat Modeling – Finding defects early in the cycle
Finding a proven pattern to find defects early in your cycle saves not just money but also the time required to patch those defects. Threat modeling is a tested and proven method to meet this objective. This procedure evaluates the vulnerabilities that can potentially exist in a target under observation. The vulnerabilities may or may not exist, but assuming that they do and then proceeding with the Software development Life Cycle is a pro-active way of securing your applications.
Prioritizing the area that needs more focus in order to reduce the attack surface is the primary aim of this model. This assessment is done as an iterative process which comes in to picture when new modules are added in to the application. The end result of this assessment is the security profile of that particular application under observation.
In this article, I shall explain about a famous security engineering pattern called the STRIDE model. The acronym STRIDE stands for:
Denial of Service attacks
Elevation of privilege
Read it in full at InfosecInstitute.