Prevent Attacks by Mitigating Threats

Once you have identified the threats to your application, you should take preventative measures to mitigate or eliminate the high-priority ones. If you can’t completely eliminate a threat, such as denial of service (DoS) attacks, you should design your application with the goal of reducing the consequences of an attack. For example, in the case of a Web application, you could present a lightweight "Sorry the Web site is experiencing heavy volumes" Web page as opposed to sending the user no response from your Web site. However, if your application gets bogged down because of an unusually high volume (high customer demand) unrelated to an attack, you should work toward making your application ...
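One way to build the lightweight "heavy volumes" response described above, as an added example that is not from the book and uses Python WSGI rather than Visual Basic .NET. The `LoadShedder` name, the in-flight limit and the `Retry-After` value are assumptions chosen for illustration.

```python
import threading

# Constructed page body, using the wording quoted in the text above.
BUSY_PAGE = (b"<html><body><p>Sorry the Web site is experiencing "
             b"heavy volumes</p></body></html>")

class LoadShedder:
    """WSGI middleware (hypothetical name): cap in-flight requests, shed the rest."""

    def __init__(self, app, max_in_flight=100, retry_after=30):
        self.app = app
        self.retry_after = str(retry_after)
        self.shed = 0  # busy pages served; watch this to tell attack from demand
        self._lock = threading.Lock()
        self._slots = threading.BoundedSemaphore(max_in_flight)

    def __call__(self, environ, start_response):
        # Non-blocking acquire: a saturated server must not queue more work.
        if not self._slots.acquire(blocking=False):
            with self._lock:
                self.shed += 1
            start_response("503 Service Unavailable", [
                ("Content-Type", "text/html"),
                ("Content-Length", str(len(BUSY_PAGE))),
                ("Retry-After", self.retry_after),  # ask clients to back off
            ])
            return [BUSY_PAGE]
        try:
            body = self.app(environ, start_response)
        except Exception:
            self._slots.release()  # a failed request must not leak its slot
            raise
        return _Releasing(body, self._slots)

class _Releasing:
    """Wraps the response body so the slot is freed when the server closes it."""

    def __init__(self, body, slots):
        self._body, self._slots, self._done = body, slots, False

    def __iter__(self):
        return iter(self._body)

    def close(self):
        if not self._done:  # release exactly once, even on repeated close()
            self._done = True
            self._slots.release()
            if hasattr(self._body, "close"):
                self._body.close()
```

The slot is freed in `close()` because PEP 3333 requires a WSGI server to call it when the response finishes, including when the client disconnects early.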

Get Security for Microsoft® Visual Basic® .NET now with the O’Reilly learning platform.