Threat Models (TMs)

Security testing is required prior to shipping any software these days, because there are so many threats coming from so many angles against so many entry points. Buffer Overruns, Integer Overflows, Cross-Site Scripting, Race Conditions, Driver Reliability, Security Operations, Validation, Alternate Code Paths, Bad Assumptions, Assertions and thousands of other problems and quirks can leave the door open for mischievous and/or malicious attacks.

There are various security testing tools to use and testing methods to follow, but tools and testing methods alone can miss vulnerable areas: they find what they are pointed at. A good way to figure out where your vulnerabilities actually are is Threat Modeling.

Threat Modeling is a process of identifying and documenting the vulnerable areas and issues of a system: what the system is made of, where data enters and leaves it, which trust boundaries that data crosses, and what an attacker could do at each of those points. A system is anything that exposes functionality to an end user. A system can be anything from a single feature all the way up to a full-blown multi-tier web application, including all of its tiers and supporting infrastructure.

Threat Modeling is methodical and systematic. It describes the system's threat profile, characterizes the security of the system, and often finds vulnerabilities that normal testing methodology would never surface, because it starts from the design rather than from the finished code. At Microsoft, producing Threat Models (TMs) is a required process for any release, and it is often done multiple times throughout a release cycle prior to shipping, since the model has to be revisited whenever the design changes.
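To make "identifying and documenting" concrete, here is a small worked example, added to this post and not taken from it or from any Microsoft tool, of the core of a threat model in code: components, the trust boundary each one runs in, and the data flows between them. Every flow that crosses a boundary gets a threat entry per category, with the mitigation status derived from the flow's properties, and the result is rendered as the kind of numbered threat list a TM document carries. The three-tier system, the component names, the triage rule (only boundary-crossing flows are enumerated) and the use of the STRIDE categories (Spoofing, Tampering, Repudiation, Information disclosure; the post itself does not go into STRIDE) are assumptions chosen for illustration.

```python
"""Minimal threat-model enumerator (added example, not from the original post).

Models a constructed three-tier web application as components, trust boundaries
and data flows, then derives a documented threat list for every flow that
crosses a trust boundary. Names, boundaries and the triage rule are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    boundary: str  # trust boundary the component runs in, e.g. "Internet", "DMZ", "Corp"


@dataclass(frozen=True)
class DataFlow:
    name: str
    source: Component
    dest: Component
    carries_secrets: bool = False  # credentials, session tokens, personal data
    authenticated: bool = False    # receiver verifies the sender's identity
    encrypted: bool = False        # confidentiality and integrity on the wire (e.g. TLS)
    logged: bool = False           # the action is attributable after the fact


@dataclass(frozen=True)
class Threat:
    flow: str
    category: str
    description: str
    mitigated: bool


def crosses_boundary(flow: DataFlow) -> bool:
    """A flow whose endpoints sit in different trust boundaries is attacker-reachable."""
    return flow.source.boundary != flow.dest.boundary


def threats_for_flow(flow: DataFlow) -> list[Threat]:
    """Derive one threat per category for a boundary-crossing flow.

    Assumption: flows that stay inside a single boundary are trusted equally at
    both ends and are skipped. That is a triage rule, not a claim they are safe.
    """
    if not crosses_boundary(flow):
        return []
    src, dst = flow.source.name, flow.dest.name
    return [
        Threat(flow.name, "Spoofing",
               f"{src} is impersonated when talking to {dst}",
               mitigated=flow.authenticated),
        Threat(flow.name, "Tampering",
               f"data altered in transit between {src} and {dst}",
               mitigated=flow.encrypted),
        Threat(flow.name, "Repudiation",
               f"{src} later denies having sent the request",
               mitigated=flow.logged),
        Threat(flow.name, "Information disclosure",
               f"secrets on the flow read by an eavesdropper between {src} and {dst}",
               # nothing to disclose, or the channel protects it
               mitigated=flow.encrypted or not flow.carries_secrets),
    ]


def enumerate_threats(flows) -> list[Threat]:
    """Walk every data flow in the model and collect its threats."""
    return [t for f in flows for t in threats_for_flow(f)]


def unmitigated(threats) -> list[Threat]:
    """The work list: threats with no mitigation in the current design."""
    return [t for t in threats if not t.mitigated]


def render(threats) -> str:
    """Render the threat list in the numbered form a TM document would carry."""
    lines = []
    for i, t in enumerate(threats, 1):
        status = "mitigated" if t.mitigated else "OPEN"
        lines.append(f"TM-{i:03d} [{t.category}] {t.flow}: {t.description} -> {status}")
    return "\n".join(lines)


# Constructed sample system (an assumption for illustration, not a real deployment).
BROWSER = Component("browser", "Internet")
WEB = Component("web front end", "DMZ")
APP = Component("app server", "Corp")
DB = Component("database", "Corp")

SAMPLE_FLOWS = [
    # anonymous user logging in over TLS; the login request itself is logged
    DataFlow("login", BROWSER, WEB, carries_secrets=True, encrypted=True, logged=True),
    # web tier calls the app tier with a service account, but in the clear and unlogged
    DataFlow("backend query", WEB, APP, carries_secrets=True, authenticated=True),
    # app tier to database stays inside the Corp boundary, so it is not enumerated
    DataFlow("sql", APP, DB, carries_secrets=True, authenticated=True),
]

if __name__ == "__main__":
    found = enumerate_threats(SAMPLE_FLOWS)
    print(render(found))
    print(f"\n{len(unmitigated(found))} of {len(found)} threats still open")
```

Running it lists eight threats for the two boundary-crossing flows, four of them open: the unauthenticated login can be spoofed (expected, since login is where identity gets established), and the clear-text, unlogged web-to-app hop is exposed to tampering, repudiation and disclosure of the secrets it carries. That last finding is exactly the kind of thing a scanner aimed at the public web tier never sees, and it falls out of the model as soon as the trust boundaries are written down.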

If you are creating an end user system of any size, I highly suggest that you take the time to properly Threat Model your system prior to releasing it. Use MSN Search and enter "Threat Modeling" for more information on the steps to follow and how to properly create Threat Models for your system. It is time consuming and thought intensive, but I'm sure that you will be glad you took the time once your Threat Models are complete. :-)