Threat Modeling @Emc presented at BlueHat 2008

by Danny Dhillon (EMC),

Tags: Security

Summary : Threat modeling is one of the most effective ways to build security into software. When we rolled out threat modeling to software development teams across EMC, we found that traditional approaches require security expertise and the ability to think like an attacker--characteristics that many software developers don't have. Over time, we developed a simple threat modeling approach that is tailored for use by software developers with only a basic level of security knowledge. The approach involves:
Identifying attack surface using data flow diagrams.
Identifying threats using a threat library based on OWASP and common design defects.
Assessing risk by answering 7 ìyes/noî questions to generate a CVSS score and risk ranking.
This approach has been effectively used for over a year at EMC. During the session, I will share details of the approach we developed to identify threats and assess risk as well as general insights from threat modeling at EMC.