No cen¨¢rio em constante evolu??o de desenvolvimento de software impulsionado por IA, a ¨¦ mais essencial do que nunca para construir software seguro, mantendo a agilidade e evitando o ¡°sandu¨ªche de seguran?a¡±. A modelagem de amea?as ¡ª um conjunto de t¨¦cnicas para identificar e classificar amea?as potenciais ¡ª aplica-se em v¨¢rios contextos, , que introduzem . Para ser eficaz, ela deve ser realizada regularmente ao longo do ciclo de vida do software e funciona melhor em conjunto com outras pr¨¢ticas de seguran?a. Essas incluem definir requisitos de seguran?a interfuncionais para abordar riscos comuns nas tecnologias do projeto e utilizar scanners de seguran?a automatizados para monitoramento cont¨ªnuo.
Continuamos recomendando que os times executem ¡ª um conjunto de t¨¦cnicas para ajudar a identificar e classificar amea?as potenciais durante o processo de desenvolvimento ¡ª mas queremos enfatizar que esta n?o ¨¦ uma atividade pontual realizada apenas no in¨ªcio dos projetos; as equipes precisam evitar o sandu¨ªche de seguran?a. Isso ocorre porque ao longo da vida ¨²til de qualquer software, novas amea?as surgir?o e as existentes continuar?o a evoluir gra?as a eventos externos e mudan?as cont¨ªnuas nos requisitos e na arquitetura. Isso significa que a modelagem de amea?as precisa ser repetida periodicamente ¡ª a frequ¨ºncia de repeti??o depender¨¢ das circunst?ncias e precisar¨¢ considerar fatores como o custo de execu??o do exerc¨ªcio e o risco potencial para o neg¨®cio. Quando usada em conjunto com outras t¨¦cnicas, como estabelecer requisitos de seguran?a multifuncionais para lidar com riscos comuns nas tecnologias do projeto e usar verificadores de seguran?a automatizados, a modelagem de amea?as pode ser um ativo poderoso.
With the number of high-profile security breaches in the past months, software development teams no longer need convincing that they must place an emphasis on writing secure software and dealing with their users' data in a responsible way. The teams face a steep learning curve, though, and the vast number of potential threats¡ªranging from organized crime and government spying to teenagers who attack systems "for the lulz"¡ªcan be overwhelming. provides a set of techniques that help you identify and classify potential threats early in the development process. It is important to understand that it is only part of a strategy to stay ahead of threats. When used in conjunction with techniques such as establishing cross-functional security requirements to address common risks in the technologies a project uses and using automated security scanners, threat modeling can be a powerful asset.
With the number of high-profile security breaches in the past months, software development teams no longer need convincing that they must place an emphasis on writing secure software and dealing with their users¡¯ data in a responsible way. The teams face a steep learning curve, though, and the vast number of potential threats - ranging from organized crime and government spying to teenagers who attack systems 'for the lulz' can be overwhelming. provides a set of techniques, mostly from a defensive perspective, that help you understand and classify potential threats. Turned into 'evil-user stories', threat models can give a team a manageable and effective approach to making their systems more secure.
At this point the vast majority of development teams are aware of the importance of writing secure software and dealing with their users¡¯ data in a responsible way. They do face a steep learning curve and a vast number of potential threats, ranging from organized crime and government spying to teenagers who attack systems 'for the lulz'. is a set of techniques, mostly from a defensive perspective, that help understand and classify potential threats. When turned into 'evil user stories' this can give a team a manageable and effective approach to making their systems more secure.
