Software and Application Security Services
Research has shown that fixing security problems early in the development cycle is both more efficient and more cost effective than the traditional penetrate-and-patch model. Foundstone threat modeling services allow our consultants to identify detrimental software security problems, often before the software is even built. Software engineering studies have shown that about 80 percent of the security bugs and flaws are introduced during the early stages of software development, often before even a single line of code has been written. Using threat modeling, we can typically often identify over 75 percent of the issues, thus enabling development teams to prevent implementing insecure software. Foundstone consultants are expert reviewers and have helped Microsoft® develop its threat modeling methodologies. We have significant experience building models for a wide variety of software, including portals, e-commerce sites, financial services and health care applications, and desktop and developer software. Foundstone starts all sizeable code assessments with a threat model. Threat models help us manage the size of the code base we need to examine down to a much smaller scope (typically between 40 percent and 60 percent of the original code size).
Foundstone's capability in building application threat models originates with our software and application security (SASS) consultants, who have performed threat models and source code audits on numerous client applications as well as their own software. Our SASS consultants have all worked as development practitioners on commercial enterprise software systems and understand the software development process as well as why and how security bugs and flaws are introduced.
Conceptually, application threat modeling is a systematic process that consists of several discrete steps with clearly defined entry and exit criteria, deliverables, and objectives. Based on our experience, we have seen that successful modeling activity usually follows a pattern. By ensuring that key steps take place, we ensure that our modeling activity is focused and effective.
As with all good processes, the first step is to plan activity and optimize the process for a successful outcome. This includes activities such as:
- Identifying threat modeling team
- Defining the risk ranking model to be used if any
- Agreeing on terminology for the modeling activity
The second step is to model the business view - the business environment in which the system operates. This needs to be analyzed to ensure that the systems functionality and business purpose is understood. Laws, guidelines, policies, and other relevant regulations have to be considered.
In the final step, the system is analyzed from a technical standpoint. A solid understanding of the system is important for the success of the whole process. As part of this step, Foundstone consultants perform a detailed architecture and design review for security that focuses on identifying the attack surface and potential attack vectors.
Based on the information collected during this process, we can model threats and existing countermeasures. From there, we develop a model of your risk level. We have designed our methodology to be generic enough for different risk models.
Often the entire process is iterative in nature.
We produce both graphical and textual models that are used to drive pragmatic security decisions. Our deliverables typically include Microsoft® Visio® based models of the application architecture as well as the sorted and tabulated data and results. Our models can include testing plans on demand.
Contact us to learn how our security services can help you protect your most important assets today.
