Threat Modelling


With the uptake of Rich Internet Application (RIA) electronic trading systems, financial institutions have had to increase their focus on security from both a systems perspective and a training/education perspective. Specifically, with the move to providing financial clients (external customers) with internet applications, the need for security awareness in the development teams who build those systems has become paramount. Historically, the development teams of financial applications lived within the financial corporation's firewalls, and the already high level of internal security partially spared the development team from having to learn about the threat of Man-In-The-Browser attacks, as the financial institution controlled the LAN, browser, desktop, building entry etc. Hence what follows are a few relevant reading items for any teams venturing down the security Threat Model road:

  • Threat Modelling For Security Tokens In Web Applications
  • Threat Modelling for Web Application Deployment
  • An Approach To Web Application Threat Modeling
  • Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework
  • Attack Modeling for Information Security and Survivability
  • Threat Modeling
  • Threat Modeling Web Applications

Update:  Further items of possible interest:

  • Universal man in the browser malware allows real-time information processing
  • Man-in-the-Browser
  • Defeating Man-in-the-Browser Malware

 

~ by mdavey on June 5, 2012.
