WebApp Sec mailing list archives
Re: Threat Modelling
From: "Frank O'Dwyer" <fod () littlecatZ com>
Date: Tue, 25 May 2004 07:06:27 +0100
Brewis, Mark wrote:
> Mark Curphey wrote (Sent: 23 May 2004 14:22):
>> In general IMHO this conversation started discussing apples (threat modeling to build better technical solutions) and is now trying to compare oranges to apples (info sec management of systems).
> Agreed; the discussion has moved from the modelling necessary for the secure coding of an app. or the pentesting of that app. into assessing the wider holistic security environment.
No it hasn't. Taking wider non-technical issues and business requirements into account is part of the "modelling necessary" in order to deliver "secure code", that's the point. This in turn is part of what you need to do to deliver secure technical systems that participate in some business process - which is the real objective. You can certainly use different and multiple tools for different aspects as part of some larger approach, but you can never completely separate these concerns because they are connected and affect each other. Otherwise you may wave away some security issue as being "infosec management" or part of the "wider environment" when in fact it may mean you need to write different code or test for different things.
> That's great, if that is what I want to do. If I wanted to define a test strategy, or identify generic class vulnerabilities in an app. under development, that doesn't meet my needs.
Sure it does. Or at least you've failed to provide any reason why it wouldn't. Nothing about taking wider issues into account AS WELL implies that you wind up without a test strategy, or miss generic class vulnerabilities. It may mean you wind up with a better test strategy. Whereas doing "secure coding" in isolation from these considerations can mean you wind up with a pointless test strategy, one that tests the wrong system for the wrong things. Plus no strategy can test for flaws in something that isn't there, or that fails to address a business security requirement in the first place. That's over and above the fact that any security model that gives a lot of weight to the needs of pentesting is pretty much doomed to being wrong from the outset, because most security attributes are quality attributes for which testing is a really poor fit.
> I wanted a screwdriver, and you've passed me a monkey wrench.
Well no I haven't - you wanted a screwdriver and I've given you a screwdriver. I've also given you a rawlplug and a drill, and pointed out that unless you use all three together in the right order and in the right way, the shelf you've been trying to put up will keep falling down.

[...]

Cheers,
Frank

--
Frank O'Dwyer <fod () littlecatZ com>
Little cat Z
http://www.littlecatZ.com/