Application Security CHAPTER 3 33 DID YOU KNOW? Threat modeling can be an effective process if the correct people are involved. The best threat models involve representation from many groups within an organization, including security analysts, developers, business analysts, and information architects. Combined, this group will provide a comprehensive understanding of the application, associated technologies, and vulnerabilities, thereby creating a much better threat model than one created solely by a security analyst. APPLICATION SECURITY THREATS Application security involves securing both custom-developed as well as Common Off-The-Shelf (COTS) applications. Browser The primary purpose of using a Web browser is to navigate and interact with Web-based applications. With over 248 million Internet users in North America alone, it's not difficult to see why these widely deployed applications are a tar-