Showing posts from October, 2017

Building a threat model for a PaaS based Cloud service

A while back I worked with a great architect and general guru of secure code, Adam Shostack, who is a foremost expert when it comes to threat modeling. He does a great job of helping educate us all on how you should plan a secure solution before you build it. A threat model should be seen as a key design element before code is started, similar to a floor plan in a house design. In this blog I wanted to illustrate the value and methods required to build a threat model, and tie it back to work I recently published, Payment Processing Blueprint for PCI DSS-compliant environments, which included a sample threat model for a cloud-based PaaS solution. Wow, that’s great: a free starter threat model for an architecture. What else can you ask for? What does it take to create your very own threat model? Think like an attacker; it’s important to see the problem from the attacker’s point of view when designing or architecting a solution. For instance that includes thin