Key concepts in the chapter are:
Costing the threat-analysis process
Creating application-architecture diagrams
Brainstorming and prioritizing threats
Responding to threats
In this chapter, you’ll learn how to apply the threat-analysis concepts presented in Chapter 14 to your own application. We’ll walk through the employee management system sample Web application (introduced in Chapter 2) as an exercise in identifying potential threats to which the application is vulnerable.
You should go through the following process when performing a threat analysis of your application:
Allocate time for the threat analysis.
Plan and document your threat analysis.
Create a laundry list of threats.
Prioritize threats. ...