2 Understanding Threat and Risk The key to good application security design is t

Question

2 Understanding Threat and Risk

The key to good application security design is the ability to identify threats and develop a formal response to the risks they represent. That capability depends on being able to analyze and prioritize each risk. Prioritization is particularly important in conventional business because there are never enough resources to mitigate every risk. Therefore, you should have a prescribed solution in place to deal with those threats that represent the greatest likelihood of harm. Threat modeling is an important aspect of developing that solution.

There is not, however, a one-size-fits-all approach to threat modeling. While Microsoft's Threat Modeling process is recommended by many in the industry, they recognize that the security needs of your organization and its applications will determine which approach is the best fit.

In your post:

Explanation / Answer

OWASP recognizes that the adoption of the Microsoft modeling process may not fit all organizations. If STRIDE and DREAD are unacceptable for some reason, we recommend that your organization

Related Questions

Navigate

• Browse (All)
• Browse 2
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.