During the development life cycle, APs can be used for several purposes.
They can be used during the design phase in order to:
- Determine the attacks the application is likely to face, during the Threat Modeling of the application
- Plan mitigation strategies for the identified attacks
- Provide developers with mitigation samples and guidance
- Provide testers with test guidance to ensure the various attacks have been mitigated
- Increase the security knowledge and awareness of the development team
When the application is in the early stages of conception it should undergo a Threat Modeling exercise. The business and design team should conduct security and risk assessments on the proposed application during this period. During this phase of application development, APs can be used to identify potential risks to the application, and the likelihood of those risks being realised [7][9][12][13][15].
APs can represent potential threats to the application. In this context APs can be used to make up an Attack Pattern Library for the Threat Modeling process. This is done through identifying relevant attack patterns based on the technology being used in the application and comparing that with the Dependencies and Conditions of the various attacks. This will give a good first indication of the most relevant APs that apply to the application. The relevant APs should then be consulted to determine any mitigation that needs to be considered for the application. This is how Threat Modeling can be made more accurate, and easier to adopt. By using AP libraries the Threat Modeling process can be improved by reducing the complexity of the security knowledge required by BA and Architect personnel. Attack Patterns provide a consistent and reliable way to perform Threat Modeling and Risk assessment quickly.
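The selection step described above, as an added worked example that is not part of the paper: a small Attack Pattern Library whose entries carry Dependencies, Conditions and Mitigation Types, and a function that compares an application's technology profile against them to produce the "first indication" of relevant APs and the Mitigation Types they call for. The library entries, field names and the application profile are constructed for illustration and are not taken from any real catalogue.

```python
"""Added example: selecting relevant attack patterns (APs) from a small
AP library by comparing an application's technology profile with each
AP's Dependencies and Conditions. All entries below are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class AttackPattern:
    name: str
    dependencies: frozenset   # technologies the attack needs to be present
    conditions: frozenset     # design/implementation conditions that enable it
    mitigation_types: tuple   # Mitigation Types the AP recommends


# Constructed AP library (illustrative entries, not a real catalogue).
AP_LIBRARY = (
    AttackPattern(
        "Injection through dynamically built database queries",
        frozenset({"relational-database"}),
        frozenset({"user-input-in-queries"}),
        ("parameterised-queries", "input-validation"),
    ),
    AttackPattern(
        "Script injection into HTML responses",
        frozenset({"web-frontend"}),
        frozenset({"user-input-in-html"}),
        ("output-encoding", "input-validation"),
    ),
    AttackPattern(
        "Session token theft over unencrypted transport",
        frozenset({"web-frontend", "session-cookies"}),
        frozenset({"plain-http-allowed"}),
        ("transport-encryption", "secure-cookie-flags"),
    ),
    AttackPattern(
        "Tampering with serialised objects from untrusted sources",
        frozenset({"object-deserialisation"}),
        frozenset({"untrusted-serialised-input"}),
        ("input-validation", "integrity-checking"),
    ),
)


def select_relevant_aps(technologies, conditions, library=AP_LIBRARY):
    """Return [(ap, relevance)] for APs whose Dependencies are all present.

    relevance is "likely" when the AP's Conditions also all hold and
    "possible" when only the Dependencies match. This is the first
    indication the threat model then refines; APs whose Dependencies
    are absent from the profile are left out.
    """
    technologies, conditions = set(technologies), set(conditions)
    result = []
    for ap in library:
        if not ap.dependencies <= technologies:
            continue
        relevance = "likely" if ap.conditions <= conditions else "possible"
        result.append((ap, relevance))
    # "likely" first, then alphabetical so the output is stable for review
    result.sort(key=lambda pair: (pair[1] != "likely", pair[0].name))
    return result


def required_mitigation_types(selected):
    """Collect the Mitigation Types the selected APs call for."""
    return sorted({m for ap, _ in selected for m in ap.mitigation_types})


if __name__ == "__main__":
    # Constructed profile for a web application with a SQL back end.
    app_tech = {"web-frontend", "relational-database", "session-cookies"}
    app_conditions = {"user-input-in-queries", "user-input-in-html"}
    selected = select_relevant_aps(app_tech, app_conditions)
    for ap, relevance in selected:
        print(f"{relevance:8} {ap.name}")
    print("mitigation types:", required_mitigation_types(selected))
```

The "possible" tier is deliberate: an AP whose Dependencies are met but whose Conditions are not (here, session cookies in use but plain HTTP not allowed) is still worth a line in the threat model, because a later configuration change can turn the condition on.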
In addition to assisting the design phase, the APs can be used by the developers to obtain guidance on how to implement the various mitigation strategies for the relevant APs. By providing consistent and proven mitigation techniques to developers, the rework and bug injection rate can be reduced. This is accomplished in two ways.
Firstly, larger teams can use the mitigations provided to build defensive libraries to mitigate categories of attacks. This is done through designing libraries focused on the Mitigation Types listed in the APs. These Mitigation Types provide a common identification of the ways in which attacks can be mitigated. Then, by incorporating these libraries, development teams can have some level of assurance that their applications have some defences against the identified APs.
Using APs also gives the development teams the ability to quickly examine new APs, and adjust their defensive libraries accordingly to mitigate new threats as they are developed. By doing this, applications consuming these libraries will still be protected in the future as the libraries are updated when new APs are discovered.
A second way in which APs can prevent rework is by providing common consistent mitigation and unit testing techniques in the AP that developers can implement during their development phase [16]. This will help ensure that the various APs that the application is designed to mitigate are taken care of in the development phase rather than the problems being discovered after the application has been released to test.
Consistency across developers and teams is crucial to ensure that applications can be maintained. Not only does it aid the team in being able to work on another team member's code, but they can review each other's code as well, knowing what to expect. This consistent approach to implementing mitigation and unit testing strategies greatly reduces rework and bug introduction.
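The two development-phase uses above (a defensive library organised by Mitigation Type, and AP-supplied unit testing techniques) as an added example that is not part of the paper: two small mitigation functions keyed by Mitigation Type, a set of test vectors of the kind an AP's unit testing guidance could supply, and a runner that reports which inputs a mitigation fails on. The Mitigation Type names, the vectors and the function names are constructed for illustration; `html.escape` and `re` are from the Python standard library.

```python
"""Added example: a defensive library organised by Mitigation Type, with a
unit test runner driven by AP-style test vectors. Names and vectors are
constructed for illustration."""
import html
import re

# --- Defensive library: one function per Mitigation Type -------------------
_IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")


def encode_for_html_text(value: str) -> str:
    """Mitigation Type 'output-encoding': make untrusted text inert when
    placed in HTML text or attribute context."""
    return html.escape(value, quote=True)


def validate_identifier(value: str) -> bool:
    """Mitigation Type 'input-validation': allow-list check for a field or
    column name before it is used to build a query or template."""
    return bool(_IDENTIFIER.match(value))


DEFENSIVE_LIBRARY = {
    "output-encoding": encode_for_html_text,
    "input-validation": validate_identifier,
}

# --- Unit test vectors, as an AP's unit testing guidance could supply them --
# Each vector is (input, predicate over the mitigation's output). Constructed.
AP_TEST_VECTORS = {
    "output-encoding": [
        ("<script>alert(1)</script>", lambda out: "<" not in out and ">" not in out),
        ('" onmouseover="x', lambda out: '"' not in out),
        ("plain text", lambda out: out == "plain text"),   # must not mangle safe input
    ],
    "input-validation": [
        ("user_name", lambda ok: ok is True),
        ("Column1", lambda ok: ok is True),
        ("first name", lambda ok: ok is False),            # whitespace not allowed
        ("name;--", lambda ok: ok is False),               # query metacharacters
        ("", lambda ok: ok is False),
        ("a" * 65, lambda ok: ok is False),                # over the length limit
    ],
}


def run_ap_unit_tests(library=DEFENSIVE_LIBRARY, vectors=AP_TEST_VECTORS):
    """Run every Mitigation Type's vectors against the library.

    Returns {mitigation_type: [inputs whose predicate did not hold]}; an
    empty list for every type means the library satisfies the AP's tests.
    """
    failures = {}
    for mtype, cases in vectors.items():
        mitigation = library[mtype]
        failures[mtype] = [raw for raw, holds in cases if not holds(mitigation(raw))]
    return failures


if __name__ == "__main__":
    print(run_ap_unit_tests())
    # An incomplete mitigation (only '<' replaced) is caught by the same vectors.
    weak = dict(DEFENSIVE_LIBRARY, **{"output-encoding": lambda s: s.replace("<", "&lt;")})
    print(run_ap_unit_tests(weak))
```

Keeping the vectors with the AP rather than with one team's code is what makes the testing consistent across developers: when the AP is revised, the new vectors are run against every library that claims the Mitigation Type, and a partial mitigation such as the `weak` one in the usage block fails immediately instead of after release to test.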
APs can further assist the development effort by providing testers with guidance on the attacks the application is designed to face, as well as a means of checking to see that the mitigation strategies have been implemented. These patterns are usable in static and dynamic automated testing [10][13][16] or in model and design verification tools such as those proposed in [11] and in [12][15][20], where the Flexible Modeling Framework checks software for violations of security properties. Static analysis of code bases may also benefit from APs through the use of the common vulnerability associations and code samples.
Another important aspect is that APs increase testing thoroughness and reliability without having to invest large amounts of time and resources in training testers in security and penetration testing techniques [16]. While these are valuable skills for testers to have, organisations are more often than not resource restricted and can't afford to dedicate testers to penetration testing specifically.
APs provide clear and consistent testing points that testers can apply against an application to ensure that the mitigation strategies are implemented and working as they should be. This will increase the confidence in the test cycle, as well as in deployment, that the application has at least had some kind of security evaluation performed against it before it goes into the wild.