Friday, January 25, 2008

Application software threat analysis



Buggy and insecure software applications are the top factor in security breaches.
The majority of data breaches are caused by attackers who exploit application software vulnerabilities. Attackers are not limited to Islamic cyber-terror groups such as Team Evil, which exploited a known vulnerability in the Invision Power Board Web application. Software vulnerabilities are increasingly exploited by threats from trusted insiders, such as contract programmers who have access to the source control repositories of company projects.
We improve software security with software quality

Software defect reduction is a highly economical way of preventing data breaches. You may be able to save hundreds of thousands of dollars in your security budget by decisive, focused software defect reduction.

We carry out a systematic threat analysis on critical business and Internet-facing Web applications after choosing a particular business unit and application functions. You get a cost-effective risk mitigation plan that shows you where and how you should remove software defects and how best to maintain reliable software.

The process requires executive-level sponsorship, since the sponsor will later need to buy into implementation of the risk mitigation plan. The team members are chosen at a preliminary planning meeting with the lead consultant and the project's sponsor. There are typically 4-8 active participants with relevant knowledge of the business and the software. The team is led by 2-4 expert Software Associates consultants who have the domain expertise, people skills and patience to guide a chaotic process.

The threat analysis follows a 7 step process: set scope, identify business assets, identify software components, classify vulnerabilities, build a system threat model, build the risk-mitigation plan and validate findings. Since there is normally a great deal of shared information between process steps, control flows asynchronously between steps.
Companies that perform software application threat analysis receive a clear picture of where to focus their software quality and application patching efforts.
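As an added illustration of what the middle steps of that process produce (assets, software components, classified vulnerabilities, a threat model and a ranked risk-mitigation plan), the following Python is example code written for this page; it is not Software Associates' or PTA's own method or tool. The scoring rule (risk = asset value x probability x fraction of value lost), the greedy "best risk reduction per unit cost within a budget" plan builder, the rule that fixing any vulnerability on a threat's path neutralises that threat, and every asset value, probability and cost in the sample model are constructed assumptions chosen to keep the arithmetic readable.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    value: float            # estimated monetary value (constructed figure)


@dataclass(frozen=True)
class Vulnerability:
    name: str
    component: str          # software component the defect lives in


@dataclass(frozen=True)
class Threat:
    name: str
    asset: str              # Asset.name that is damaged
    exploits: tuple         # vulnerability names the attack path needs (all of them)
    probability: float      # assumed annual likelihood, 0..1
    damage: float           # assumed fraction of the asset value lost, 0..1


@dataclass(frozen=True)
class Countermeasure:
    name: str
    cost: float             # assumed one-off cost of the fix
    mitigates: tuple        # vulnerability names it removes


# Constructed sample threat model; none of these figures come from the page.
ASSETS = {a.name: a for a in (
    Asset("customer database", 500_000),
    Asset("public web front end", 100_000),
)}
VULNERABILITIES = (
    Vulnerability("unparameterised search query", "search module"),
    Vulnerability("predictable session id", "auth module"),
    Vulnerability("unpatched forum plugin", "forum plugin"),
)
THREATS = (
    Threat("bulk export of customer records", "customer database",
           ("unparameterised search query",), 0.3, 0.8),
    Threat("session hijack of an administrator", "customer database",
           ("predictable session id",), 0.2, 0.3),
    Threat("site defacement", "public web front end",
           ("unpatched forum plugin",), 0.5, 0.2),
)
COUNTERMEASURES = (
    Countermeasure("parameterise search queries", 8_000,
                   ("unparameterised search query",)),
    Countermeasure("generate session ids from a CSPRNG", 5_000,
                   ("predictable session id",)),
    Countermeasure("apply forum plugin patch", 1_000,
                   ("unpatched forum plugin",)),
)


def threat_risk(threat, assets=ASSETS):
    """Expected annual loss from one threat under the assumed scoring rule."""
    return round(assets[threat.asset].value * threat.probability * threat.damage, 2)


def residual_risk(threats, removed, assets=ASSETS):
    """Risk left once the vulnerabilities in `removed` are fixed.

    Assumption: a threat is neutralised when any vulnerability on its path is gone.
    """
    return round(sum(threat_risk(t, assets) for t in threats
                     if not set(t.exploits) & removed), 2)


def build_plan(threats, countermeasures, budget, assets=ASSETS):
    """Greedy risk-mitigation plan within `budget`.

    Repeatedly picks the affordable countermeasure with the best risk reduction
    per unit cost, re-evaluated after each pick. Returns (ordered plan, residual risk).
    """
    removed, remaining, plan, spent = set(), list(countermeasures), [], 0.0
    while True:
        current = residual_risk(threats, removed, assets)
        best, best_ratio = None, 0.0
        for cm in remaining:
            if spent + cm.cost > budget:
                continue
            reduction = current - residual_risk(threats, removed | set(cm.mitigates), assets)
            ratio = reduction / cm.cost
            if ratio > best_ratio:          # zero-benefit fixes are never selected
                best, best_ratio = cm, ratio
        if best is None:
            return plan, residual_risk(threats, removed, assets)
        plan.append(best)
        remaining.remove(best)
        removed |= set(best.mitigates)
        spent += best.cost


if __name__ == "__main__":
    print("total risk before mitigation:", residual_risk(THREATS, set()))
    plan, left = build_plan(THREATS, COUNTERMEASURES, budget=10_000)
    for cm in plan:
        print(f"  {cm.name} (cost {cm.cost:,.0f})")
    print("residual risk after plan:", left)
```

With the sample figures and a 10,000 budget the plan is "parameterise search queries" followed by "apply forum plugin patch", leaving the session-id weakness unaddressed and a residual risk of 30,000; raising the budget to 14,000 lets the third countermeasure in and drives residual risk to zero. The point of the structure is that the plan is driven by asset value and likelihood rather than by vulnerability count, which is what "where and how you should remove software defects" means in practice.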

Contact us today for a free consultation
US: +1 301-841-7122
Israel: +972 (0)3 610 9750
Sales AT software DOT co DOT il

More professional services from Software Associates
Digital Asset Protection
Business vulnerability assessment
Risk control optimization
Featured research articles
Software security assessment of production systems
The 7 step process for software threat analysis
Practical threat analysis in software development
10 questions your CEO should be able to answer
1 comment:

Anonymous said...

Dear Colleagues,

I would like to inform you that in October 2008 we released a major update of PTA - Practical Threat Analysis Professional Edition (1.54 - build 1206). The latest version introduces a revised reporting system which enables better aggregation and sorting of threat model data and analysis results. The new mechanism allows users to define simple Tags Filter queries which filter the data shown in reports according to the tags attached to the threat model's entities: Assets, Threats, Vulnerabilities and Countermeasures.

You are invited to review the latest changes as well as to download and install the freeware risk assessment tool from the following link: http://www.ptatechnologies.com/latestupdate.htm.

I'll be happy to have your feedback and answer your questions on any issue.

Best regards,

Zeev Solomonik

The PTA Team

http://www.ptatechnologies.com
zeev@ptatechnologies.com