Figure 5.8 The risk assessment phase for an existing web application. (Diagram labels: System Characterization, Risk Mitigation Strategy, Vulnerability Assessment, Threat Analysis.)
for a Web application. We delved into the system characterization process, where we identify the
critical information assets stored, processed, or transmitted by a Web application. As part of the
system characterization process, we identified the types of users who will be using the application
and also the application architecture, to aid us in formulating subsequent security requirements.
Security policies for Web applications were the next topic of discussion, where we delved into
the various influencing factors for a Web application security policy. We then explored threat
analysis. We began with an understanding of vulnerabilities and dove deep into several common
Web application vulnerabilities. Threat profiling and threat modeling are two processes in
threat analysis that aid in the understanding of how threats can identify vulnerabilities and attack
applications. We delved into various scenarios for our understanding of threats. We discussed the
concept of risk mitigation strategies, where the detailed security requirements for a Web application
are formulated based on the severity of the threats identified, the security policies, and
industry best practices as necessary. Web application risk assessment need not be performed only
for an undeveloped Web application; it is also useful for a developed Web application. We learned
how to perform a risk assessment activity for an existing Web application and how vulnerability
assessment would be a key process to achieve that.