01 Jan 2017
Have you ever developed an application that will need to connect to a Secure Sockets layer (SSL) enabled endpoint? If you answered yes, then you might agree with me on how all that red tape will keep slowing your development progress down. As a result of SSL being enabled, you could experience the following concerns:
Developers may get frustrated with all the mentioned concerns where they would have to decide to disable the SSL checks made by the server. When the code goes through the different stages of the pipeline you get to find that they have forgotten to turn the SSL certification checks back on. You find most organizations deploying high-risk security prone applications into a production environment.
A recent study by “WhiteHat Security” shows that on average, critical vulnerabilities will stay open for 875 days. What was alarming about these findings, was that these open vulnerabilities are found in the Information Technology industries.
In most organizations, security has little or no sense of urgency and is rarely considered when developing applications. The only time they consider it, is when they have to pass some security audit or they are facing urgent security escalation from customers. To some organizations, security is just like that unwanted cousin in the family. But with the recent Sony, Apple iCloud and Ashley Madison hacks, we can agree that it is a little more than just an embarrassing experience that could be detrimental to the business and the customers. Some of the many ways we can try to circumvent security loopholes are to put processes in place and one of these processes can be Threat Modeling.
Threat modeling is a process used to allow an organization to apply a structured approach to designing and building more secure systems/applications. This is achieved by analyzing the security aspects of the application to be developed, identifying potential vulnerabilities and defining countermeasures to prevent or mitigate effects of the threats. Security issues are usually discovered in later stages of development or close to go-live. Usually resulting in extended deadlines that can be prevented by adopting this practice.
As we all know the old cliché “prevention is better than cure”. So with that being said, the earlier we start the process of detecting security loopholes, the more time we have to find and fix security defects that may loom up.
Threat modeling can be grouped into 3 high-level steps (not set in stone):
1. Decompose the application:
2. Determine and rank threats:
3. Determine countermeasures and mitigation:
With all this said, Security should not be a “byproduct” of systems we build. It should be baked with the product that is being built. This will increase confidence in the product with concerns related to security. If we start encouraging these principles, organizations could avoid loss of revenue, data breaches and public relations nightmares caused by security loopholes that are baked into the applications being built while reducing the reliability on external security companies to ensure that their products are secure before every production deployment.