Figure 11.2
Relationship between the SDLC and the risk management process.
[Figure: the risk management process (risk assessment, risk mitigation, continuous evaluation) shown alongside the software development lifecycle phases (requirements, design, development, testing, deployment, maintenance).]
• Risk assessment—during requirements and design phase
• Code overviews—during development
• Code reviews—during development
• Vulnerability assessment and penetration testing—during testing
• Configuration management testing—during testing and deployment
• Change management and verification—during maintenance
• Periodic health checks—during maintenance
11.2.1.1 Risk Assessment—During Requirements and Design Phase
Risk assessment is an important activity that is performed at the requirements and design phase
of the SDLC of a secure Web application. Although risk assessment is not technically a security
testing operation, it is considered a measure of identification and validation. The risk assessment
process consists of characterizing the Web application with regard to the following—understanding
the application architecture, its users, and critical information assets; identifying security
policies and objectives; and understanding and profiling threats that might affect the Web
application.
The detailed security requirements for the Web application are formulated based on the results
of the threats profiled and modeled during the risk assessment exercise. These requirements are
validated during the design stage, when architects and application designers use these security
requirements to design the application. The most important aspect of the risk assessment exercise,
with reference to security testing, is the threat modeling activity. The threat modeling activity
brings together multiple scenarios in which a threat exploits a given vulnerability. The threat model
for this basic threat profile can consist of various scenarios. The attacker can perform a cross-site
scripting attack, gain access to user sessions, and consequently gain access to user accounts. The
attacker can also perform an SQL injection, where he/she gains access to the database containing
the user information.
The benefits provided by the threat modeling activity are multifold: One is that it helps in
creating security requirements for the Web application; the other is that security-testing activities
can be created to model the threat scenarios envisioned, to validate that the application is resistant
to these attacks. For instance, a security test measure where the tester checks for cross-site
scripting vulnerabilities in the Web application can be constituted based on the threat model created,
which puts forward cross-site scripting as one of the possible attack vectors for compromising
the Web application.
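
The step from threat model to security test described above, as an added example that is not code from the book: each threat scenario carries the requirement derived from it and the probes that test it, and a scenario with no test is flagged. The `Scenario` record, `renderGreeting`, `escapeHtml`, and the probe strings are constructed for illustration; records require Java 16 or later.

```java
import java.util.List;
import java.util.function.UnaryOperator;

public class ThreatModelCoverage {
    // One threat-model scenario, the requirement derived from it, and the probes that test it.
    record Scenario(String id, String threat, String requirement, List<String> probes) {}

    // Hypothetical page fragment under test: echoes a user-supplied name into HTML.
    static String renderGreeting(String name) {
        return "<p>Hello, " + escapeHtml(name) + "</p>";
    }

    // Encode the characters that let input break out of HTML text or attribute context.
    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#x27;");
    }

    // The view resists a probe when the probe never comes back verbatim (unencoded).
    static boolean resists(UnaryOperator<String> view, String probe) {
        return !view.apply(probe).contains(probe);
    }

    public static void main(String[] args) {
        // Constructed scenarios mirroring the two named in the text.
        List<Scenario> model = List.of(
            new Scenario("T1", "Cross-site scripting leading to session takeover",
                "User-supplied data is HTML-encoded on output",
                List.of("<b>probe</b>", "\"><i>probe</i>")),
            new Scenario("T2", "SQL injection exposing the user database",
                "All queries use bound parameters",
                List.of())); // no test written yet: reported as a coverage gap

        for (Scenario s : model) {
            String status;
            if (s.probes().isEmpty()) {
                status = "NO TEST MAPPED";
            } else {
                boolean ok = s.probes().stream()
                        .allMatch(p -> resists(ThreatModelCoverage::renderGreeting, p));
                status = ok ? "PASS" : "FAIL";
            }
            System.out.printf("%s %-14s %s -> %s%n", s.id(), status, s.threat(), s.requirement());
        }
    }
}
```

Replacing `escapeHtml` with an identity function makes T1 report FAIL, which is the regression this kind of test exists to catch.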