Wednesday, March 25, 2015

Threat Modeling a SharePoint Application

Threat Modeling a SharePoint Application: An exploratory exercise in preventing data breaches and theft

By Tony Graves SharePoint Developer and Consultant​


Threat Modeling Book Cover.jpg 

Threat modeling is about using models to find security problems. Using a model means abstracting away a lot of details to provide a look at a bigger picture, rather than the code itself. You model because it enables you to find issues in things you haven’t built yet, and because it enables you to catch a problem before it starts.

Threat Modeling can be applied to software you’re building or deploying, or software you’re considering acquiring. Building a SharePoint Solution or website is no different. Here is a brief guide on how to build a minimum threshold for your organization in a SharePoint environment.

Not all content holds the same value for an organization. Some content is transitory and will only provide value for a short time, while other content serves as official records, preserving evidence for a transaction or decision making tool such as eDiscovery.

Based on the book, "Threat Modeling: Designing for Security" the only security book to be chosen as a Dr. Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography!

Read more...
http://www.blacksgonegeek.org/publications


Join The Blacks Gone Geek Community http://www.blacksgonegeek.org/Pages/JointheBlacksGoneGeekCommunity.aspx

1 comment:

  1. Application Threat Modeling helps organizations acknowledge, manage, and communicate security risks affecting applications, ensuring that security has been built into the system. Application Threat Modeling identifies possible threats to the system, regardless of whether or not they can be exploited. FishNet Security uses a multi-phased approach to Application Threat Modeling that involves gaining an understanding of the system’s complexity, formulating specific security objectives and requirements, analyzing threats based on their criticality and likelihood, and working with organizations to determine whether to mitigate threats or accept the risk associated with them. FishNet Security profiles the application to identify entry and exit points, determine components at risk of attack, and analyze the potential results of successful attacks. Threat Modeling, or risk analysis, early in the SDLC allows organizations to minimize or completely eradicate threats before a single line of code is ever written.

    ReplyDelete