Is your Web site safe? Are you sure? Are you sure? Would you put a month's salary on it?
One way to be more certain that your Web site is safe from hackers is to do a Threat Model. However, many people balk at doing a Threat Model for many reasons:
- "What's a Threat Model?"
- "Threat Modelling is too complicated."
- "We'll add security at the end."
To help out, JD & his crack team of SecBots have prepared an excellent guide to performing Threat Modelling of Web apps. Easily digestible, simple, fast and best of all, *proven*. JD has worked with more companies than I'd care to mention. He's seen sites that invited people, he's seen HackOffs. He's seen bad Threat Models, and good. This guide steps you through building a good threat model, complete with templates, cheat sheet and step-by-step walk-through.
If you create public-facing Web sites, read this. Please.
Posted on Wednesday, May 18, 2005 12:25 AM