Published: 16 Jul 2007
By: Steve Orr

Learn how to secure your applications against hacker attacks with Microsoft's freely downloadable Threat Analysis and Modeling tool.

Introduction

Even a single security hole in an otherwise bullet-proof application can potentially wreak embarrassing and costly chaos in the hands of the wrong person. To create a completely secure application, every member of every object in the application must be carefully analyzed to determine every conceivable way each member could be invoked. Doing a thorough job of this requires analysis of many other application details such as the data, user roles, technology choices, use cases, and external dependencies. This analysis should be done in the design phase for optimal efficiency, because security threats found and dealt with in the design phase are far easier and cheaper to fix. Additionally, all these details must be thoroughly reviewed every time any design detail changes. For all but the simplest of applications, manually mapping out the seemingly infinite combinations of all the above details for every member in an application is a forbidding task indeed. That's why this time-consuming, error-prone, and potentially budget-busting task is rarely done properly in the real world. If only there were a way to simplify this chore...

The Threat Analysis and Modeling Tool

Microsoft's freely downloadable Threat Analysis and Modeling Tool aims to simplify the process of identifying potential security holes in your applications before hackers do. You can enter a pre-existing application's design details into the tool to see what sort of security issues may have slipped into it, but this tool really shines when used in the design phase of new applications. In fact, the Threat Analysis and Modeling Tool (shown in Figure 1) is robust enough that you may consider using it as your primary design tool for all new applications.

Figure 1: Microsoft's free Threat Analysis and Modeling Tool can help you identify security holes in your applications.

To use the Threat Analysis and Modeling Tool you must first describe the application you're modeling. Details must be provided about its data, components, user roles, and external dependencies. Business objectives and use cases are also necessities. If you're not experienced with use cases, you may wish to take advantage of the Generate Use Cases menu option (under the Tools dropdown menu) to automatically create some useful boilerplate use cases that are based on your application's design.

The treeview in the left pane of the Threat Analysis and Modeling Tool has a node for every category of relevant data about your application's design. Getting started is as easy as clicking on some of the treeview nodes and entering the related data. The more thorough you are about your data entry, the more secure your application will be in the end.

Since exceptionally large applications can be cumbersome to design within a single threat model document, they are often broken down into several smaller threat model documents, each describing distinct parts of the application. In this situation, each of the project's threat model documents should reference each other by listing the other components as external dependencies.

The bottom node of the treeview (Attack Library) lists virtually every known hacker attack as well as best-practice defenses against each of them. Unlike the rest of the nodes in the treeview, this one does not apply directly to your application. Instead, this is a list of all known attacks whether they apply to your application or not. Browsing this list is a great way to learn about common hacker exploits and how to write code that is immune to them.

Identifying Threats

Once your application's design details have been entered into the tool, there are a variety of analytical options available to visualize your application from different perspectives and identify the threats specific to it. For example, the Data Access Control Matrix window (available from the Analytics dropdown menu) points out aspects of your application's design that haven't been fully thought out and/or documented yet. This is useful to ensure you don't accidentally leave design holes through which bugs or hackers may creep.

Figure 2: The built-in Data Access Control Matrix alerts you about possible holes in your application's design.
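
The idea behind a data access control matrix, as an added example that is not taken from the tool or from the original article: this Python sketch crosses every role with every data item and every create/read/update/delete action, then reports the cells where the design has no decision or contradicts itself. The role names, data names, and the allow/deny rule format are assumptions constructed for illustration.

```python
from itertools import product

ACTIONS = "CRUD"  # create, read, update, delete

# Constructed sample design (hypothetical roles, data and decisions).
ROLES = ["Anonymous", "Customer", "Admin"]
DATA = ["Orders", "CreditCard"]
ALLOW = {
    ("Customer", "Orders"): "CR", ("Customer", "CreditCard"): "C",
    ("Admin", "Orders"): "CRUD", ("Admin", "CreditCard"): "R",
}
DENY = {
    ("Anonymous", "Orders"): "CRUD", ("Anonymous", "CreditCard"): "CRUD",
    ("Customer", "CreditCard"): "UD", ("Admin", "CreditCard"): "CUD",
    ("Admin", "Orders"): "D",  # contradicts the ALLOW entry above
}

def build_matrix(roles, data, allow, deny):
    """Map every (role, data, action) to allow / deny / conflict / undecided."""
    for key in list(allow) + list(deny):
        if key[0] not in roles or key[1] not in data:
            raise ValueError(f"rule refers to undeclared role or data: {key}")
    matrix = {}
    for role, item, action in product(roles, data, ACTIONS):
        allowed = action in allow.get((role, item), "")
        denied = action in deny.get((role, item), "")
        matrix[(role, item, action)] = (
            "conflict" if allowed and denied else
            "allow" if allowed else "deny" if denied else "undecided")
    return matrix

def findings(matrix):
    """Cells a reviewer must resolve before the design is complete."""
    return [(status, *cell) for cell, status in matrix.items()
            if status in ("conflict", "undecided")]

def render(matrix, roles, data):
    """One row per role/data pair; '?' marks undecided, '!' a conflict."""
    mark = {"allow": "Y", "deny": "-", "undecided": "?", "conflict": "!"}
    rows = [f"{'role':<10}{'data':<12}" + " ".join(ACTIONS)]
    for role, item in product(roles, data):
        cells = " ".join(mark[matrix[(role, item, a)]] for a in ACTIONS)
        rows.append(f"{role:<10}{item:<12}{cells}")
    return "\n".join(rows)

if __name__ == "__main__":
    m = build_matrix(ROLES, DATA, ALLOW, DENY)
    print(render(m, ROLES, DATA))
    for finding in findings(m):
        print(*finding)
```

An undecided cell is the kind of gap the paragraph above describes: nobody has yet written down whether a Customer may read stored credit card data, so the implementation will end up deciding it by accident.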

Additionally, the Threat Analysis and Modeling Tool provides many impressive reports and diagrams that document your application's design. These can be exported to Visio as well as other file formats. You don't have to tell your boss they were automatically generated.

The Generate Threats menu option (available from the Tools dropdown menu) will list every security vulnerability found in your application. It will tell you exactly where in your design each threat exists. It also provides a variety of best-practice suggestions for dealing with each one. Similarly, the Threat Tree diagram shown in Figure 3 (available from the Visualizations dropdown menu) identifies potential threats in a more graphical way.

Figure 3: Nearly every possible security threat to your application is identified in a variety of graphical and tabular ways.

You're not Alone

Considering all the complex and impressive features the Threat Analysis and Modeling Tool provides, it is surprisingly easy to use. For a jumpstart, you may wish to watch some of the many helpful tutorial videos that are available from the Application Threat Modeling web site. You may also wish to pay a visit to the threat modeling team's blog to stay up-to-date on the latest info. You can rely on this tool's longevity since Microsoft is increasingly using it to secure all the applications they write. Any new exploits discovered in future technologies will be integrated into this tool.

Summary

Microsoft's free Threat Analysis and Modeling Tool finally makes it feasible for developers to do a detailed security analysis of all their applications. Without such a tool, it's virtually impossible to be sure you've built a secure application.

With this tool at your disposal you no longer have an excuse for writing insecure applications.

About Steve Orr

Steve C. Orr is an ASP Insider, MCSD, Certified ScrumMaster, Microsoft MVP in ASP.NET, and author of the book “Beginning ASP.NET 2.0 AJAX” by Wrox press. He’s been developing software solutions for leading companies in the Seattle area for more than a decade. When he’s not busy designing software ...
