• Many attacks on organisational applications originate inside the network, where a perimeter firewall never sees the traffic.
  • Intrusion detection cannot fix poor input validation in the application: a malicious request that passes the sensor is still accepted and processed by the application.
  • Network and host security can only treat the symptoms when the root cause is a flaw in the application's source code.
  • Security is a process, not a product. Secure software is the result of a security-aware development process in which security is built in from the start and the software is designed with security in mind.
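The following is an added example (not from the original notes) of what "input validation in the application" means in practice, and why a substring blocklist of the kind a signature-based control performs cannot stand in for it. The field names, the allowlist rules and the sample inputs are assumptions constructed for this example, not taken from any particular application.

```python
"""Application-layer allowlist input validation (added example)."""
import re
import urllib.parse
from typing import Dict, List, Optional, Tuple

# Allowlist rules for each field the handler expects. The field names and
# the rules are assumptions for this example, not from a real application.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")
PAGE_SIZE_RE = re.compile(r"[0-9]{1,3}")
MAX_PAGE_SIZE = 100


def blocklist_check(value: str) -> bool:
    """Weak approach: reject only a few known-bad substrings.

    Returns True when the value 'looks clean'. This is the same substring
    matching a signature-based control does; it is shown here only to
    contrast with the allowlist validators below.
    """
    bad = ("<script", "' or ", "../")
    lowered = value.lower()
    return not any(b in lowered for b in bad)


def blocklist_bypass(raw: str) -> Tuple[bool, str]:
    """Show why the blocklist is not enough: a percent-encoded value passes
    the substring check, yet the application decodes it before use.
    Returns (passed_blocklist, decoded_value)."""
    return blocklist_check(raw), urllib.parse.unquote(raw)


def validate_username(value: str) -> Optional[str]:
    """Accept only the exact shape the application defines; return the
    validated value or None. Nothing outside the allowlist gets through,
    whatever encoding or trick was used to build it."""
    return value if USERNAME_RE.fullmatch(value) else None


def validate_page_size(value: str) -> Optional[int]:
    """Check syntax, convert to the intended type, then range-check."""
    if not PAGE_SIZE_RE.fullmatch(value):
        return None
    n = int(value)
    return n if 1 <= n <= MAX_PAGE_SIZE else None


# Field name -> validator. Any parameter not listed here is rejected.
VALIDATORS = {
    "user": validate_username,
    "page_size": validate_page_size,
}


def validate_request(params: Dict[str, str]) -> Tuple[Dict[str, object], List[str]]:
    """Validate every parameter of a request.

    Returns (clean values, names of rejected fields). Unknown and missing
    fields are reported too, so the handler never runs on a partially
    validated request.
    """
    clean: Dict[str, object] = {}
    errors: List[str] = []
    for name in params:
        if name not in VALIDATORS:
            errors.append(name)
    for name, validator in VALIDATORS.items():
        raw = params.get(name)
        result = validator(raw) if raw is not None else None
        if result is None:
            errors.append(name)
        else:
            clean[name] = result
    return clean, errors


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    print(validate_request({"user": "alice_01", "page_size": "25"}))
    print(validate_request({"user": "Alice;--", "page_size": "5000", "debug": "1"}))
    print(blocklist_bypass("..%2f..%2fetc%2fpasswd"))
```

The point of the contrast: `blocklist_check` is happy with `..%2f..%2fetc%2fpasswd` because it never decodes, exactly as a sensor watching the wire would be, while `validate_request` rejects it regardless of encoding because the value simply does not match the shape the application declared. That decision can only be made where the application's own data types and limits are known, which is inside the application.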

Threat modelling is a critical ingredient in the development of secure web-based applications: you cannot design a defence against a threat you have not first identified.

