Security Design by Threat Modeling

During the design phase of your Web site development, you should create a threat model. A threat model lists the areas where your Commerce Server site is most vulnerable, the risk of an attack on each area, what you can do to mitigate that risk, and the priority assigned to implementing each mitigation. With a threat model in hand, you can choose the appropriate tools and implement the best design to protect your Commerce Server installation.

The threat modeling process is as follows:

  1. Identify the known threats to the system.
  2. Rank the threats in order of decreasing risk.
  3. Determine how you will respond to the threats.
  4. Identify techniques that mitigate the threats.
  5. Choose the appropriate technologies from the identified techniques.

You might need to perform this process more than once because it is difficult to formulate all possible threats in one pass. Also, technology changes over time, new issues arise, and the business and technical landscape may expose new risks or render existing threats harmless. All of these changes affect the known threats to your system.


Copyright © 2005 Microsoft Corporation.
All rights reserved.