Improving Web Application Security: Threats and Countermeasures by Microsoft Corporation

Step 3. Decompose the Application

In this step, you break down your application to create a security profile for the application based on traditional areas of vulnerability. You also identify trust boundaries, data flow, entry points, and privileged code. The more you know about the mechanics of your application, the easier it is to uncover threats. Figure 3-4 shows the various targets for the decomposition process.

Figure 3-4. Targets for application decomposition

During this step, you perform the following tasks:

  • Identify trust boundaries.

  • Identify data flow.

  • Identify entry points.

  • Identify privileged code.

  • Document the security profile.
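
One way to record the output of these tasks in machine-checkable form, as an added example that is not from the book: the component names, trust zones, flows and the `decompose` helper are all hypothetical, constructed here to show how trust-boundary crossings, entry points and exposed privileged code fall out of a component and data-flow inventory.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Component:
    name: str
    zone: str                 # trust zone the component runs in
    privileged: bool = False  # accesses secured resources or runs elevated

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str

# Constructed sample application (hypothetical three-tier web app).
COMPONENTS = [
    Component("browser", "internet"),
    Component("web_app", "dmz"),
    Component("admin_page", "dmz", privileged=True),
    Component("order_service", "internal"),
    Component("database", "internal", privileged=True),
]
FLOWS = [
    Flow("browser", "web_app", "login form"),
    Flow("browser", "admin_page", "admin request"),
    Flow("web_app", "order_service", "order request"),
    Flow("order_service", "database", "SQL query"),
]

def decompose(components, flows, untrusted_zone="internet"):
    """Derive a security profile from the component and data-flow inventory."""
    by_name = {c.name: c for c in components}
    crossings, entry_points = [], set()
    for f in flows:
        src, dst = by_name[f.src], by_name[f.dst]
        if src.zone != dst.zone:              # data moves across a trust boundary
            crossings.append((f.src, f.dst, f.data))
            if src.zone == untrusted_zone:    # reachable directly from outside
                entry_points.add(f.dst)
    return {
        "trust_boundary_crossings": crossings,
        "entry_points": sorted(entry_points),
        "privileged_code": sorted(c.name for c in components if c.privileged),
        # Privileged code that is also an entry point deserves review first.
        "exposed_privileged": sorted(e for e in entry_points if by_name[e].privileged),
    }

if __name__ == "__main__":
    for key, value in decompose(COMPONENTS, FLOWS).items():
        print(f"{key}: {value}")
```

Every flow listed under `trust_boundary_crossings` is a place where the receiving component should validate input and authenticate the caller rather than trust the sender.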

Identify Trust ...