Request a Price Quote
           Welcome to Seafoam Solutions, Your Source for Managed IT   Contact us!!!



 
SDL and Threat Modeling

Today's best designed applications make use of the Security Development Lifecycle (SDL) to ensure that your data remains safe and secure. Connected systems face a myriad of threats, so Seafoam Solutions employs the latest tools to ensure that your systems are engineered with security at the forefront. One of the principles of SDL is threat modeling. Designers applying the techniques of threat modeling focus on secure application design in a structured way.


Threat Modeling Process
 Illustrate your software's data flows
 Use STRIDE per element to identify threats
 Address each threat
 Verify the depth of your model's software coverage, and address the threats you have discovered.

Application entry points are a good starting point for threat modeling. Entry points and the application's attack surface are points of vulnerability, so by diagramming your system, we can evaluate potential threats. An entry point analysis can identify factors such as network accessibility, authentication methods, and authorization requirements, and can help you determine the places where the bad guys can get in. The attack surface of your application is the portion of the application that is exposed to untrusted users. Outward facing programs like web applications often have a large attack surface.

Penetration Testing is an element of threat modeling where testers focus on thinking like attackers. One common attack mode is an Environment Attack where environmental factors such as file systems, etc. serve as the attack vector. A simple change in a configuration file (which is a component in your app's environment) may render your software inoperable. Another common vector is an Input Attack. Fields that allow unbounded input or web pages that fail to test for HTML injection are targets.

Elevated permissions is a yet another common Achilles heel for software systems. Exposed entry points should only operate at the minimum level of accessibility that the system needs to function. Users often want operate as administrator or root, but reducing privileges makes sense.

Seafoam Solutions employs the principles of SDL during the development and maintenance of your programs. Threat Modeling, penetration testing, and attack surface analysis are examples of the tools we employ to ensure that your software anticipates today's threats and is built to withstand tomorrow's. Managed applications are a doorway into your data. Let Seafoam Solutions provide the lock.

Capabilities Maturity Model
The Capabilities Maturity Model is a design methodology that entails developing incremental improvements to the features in a software system. Commonly, application capabilities begin as a sparsely populated object model. Over time, developers improve those objects in ways that make them quicker and more efficient, and the objects gain features which make them more user friendly, easier to use or consume.

The Active Record Pattern
The Active Record Pattern (ARP) is a design pattern that simplifies data access by allowing designers to create classes of objects that mirror the data contained in the tables in a database. These data classes contain properties which represent a one-to-one correspondence with the column definitions in the data tables. Additional class features include data access methods for adding, updating, and deleting records, and shared functions which operate on a collection or list of class instances. Optionally, these data classes can contain read-only properties or functions which aggregate data.

Consider an Employees table which has columns for EmployeeID, Name, Address, etc. By applying ARP, an Employee class could be created to represent a single row in the table. The class would contain properties for EmployeeID, Name, Address, and so on. Instance methods would be added for Retrieve, Insert, Update, and Delete to manage individual records, and shared functions for Select, Sort, and Find would flesh out the class and operate on sets of records. Internally, data access would be abstracted away to connectivity classes.

The architecture presented here decouples connection classes from the data model. If the developer needs to change data providers (for example, moving from MS Access to Oracle) only the connectivity classes need to be updated. ARP classes enhance application modeling and reduce the amount of time it takes to go from model to production.
 
Small Business Solutions
Seafoam Solutions managed services for small businesses provide you with an affordable alternative to in-house administration.
Installation and Configuration
Desktops and Laptops $35 + $25/hour*
Printers and Peripherals $35 + $25/hour
Network Equipment $75 + $45/hour
Services Contract $25/Computer/Month
Small Business services contract includes: account/login management, backups, data migration, OS/Antivirus updates
Desktop Development
Desktop Application From $75/hour
Network Application From $90/hour
Report Application From $60/hour
Training
Basic Computer Literacy $60/person per session
Microsoft Word 2003/2007 $60/person per session
Microsoft Excel 2003/2007 $60/person per session
Web Development
Website Registration $250/Domain
Web Page/Report Development From $75/hour
Web Service Development From $120/hour
Web Service Integration From $90/hour
Web Search From $75/hour
Website Administration
Database Integration From $85/hour
Content Development From $30/hour
Data Format Conversion From $60/hour
Site Update Consulting From $85/hour
*Prices subject to change without notice. Call for the latest pricing information. Small Business service contracts based on a minimum of ten managed PCs.

Asset Tracking
Your technology investment is an important asset. The data your systems contain represents day-to-day business operations, customer relationships, and your strategic vision. Like all assets, your data should be protected. The systems that contain your data have a limited life - disk drives fail, new technology supplants old, and a changing regulatory environment can add unforeseen requirements your systems weren't designed to provide.

Like all assets, your systems will have a finite lifetime where their value depreciates. When you retire these systems, you will be able to collect some resale value, but you may need to address the disposal of media so that the data on your current systems doesn't fall into the wrong hands.

Features of Seafoam Solutions Asset Tracking
 Asset Inventories and Documentation
 Equipment Depreciation Schedules
 Resale Assistance
 Replacement and Upgrade Planning
 Secure Media Disposal
 Environmentally Friendly Equipment Disposal

Businesses don't operate in a vacuum. Outside forces, acts of God, thefts, and vandalism can cause major disruptions to your operations. Your insurance may cover losses, but you need solid documentation to establish the value of your systems. Seafoam Solutions can help. Our asset management team offers solutions to aide you in managing your valuable IT investment.


Seafoam Solutions Asset Management:    From $60/hour
Check for availability. Prices subject to change without notice

Guest Network Access - Are You Exposed?
Threat modeling should include an assessment of how often guests access your internal network. Minimize this access to add an additional layer of defense at your perimeter.


According to the Yankee Group, guest network access by customers and vendors is on the rise.
Source: Yankee Group
seafoamsolutions.com ©2009-2010 All Rights Reserved
Contact Us!!!     Post Your Resume

Top   |   Welcome Page   |   Managed Solutions   |   Desktop Solutions   |   Web Solutions   |   Small Business Services   |   Products And Services

Seafoam Solutions
P. O. Box 3366
North Myrtle Beach, South Carolina 22729
Phone (843) 251-4282 Fax (843) 251-4282
Search