Threat Modeling: RFID Integration for Morgan’s Wonderland

Last week we released some details about work we did for the Morgan’s Wonderland fun park for special-needs children.  One of the exciting aspects of that project was the integration with the park’s RFID tracking system.  The RFID system itself was built by RFIDTec, based in California, and we integrated their work with the online reservation platform we constructed.

RFID Journal did a write-up on the Morgan’s Wonderland RFID system, including some comments from Denim Group’s Sheridan Chambers.

An important aspect of securing this integration was the use of Threat Modeling to proactively identify potential security problems during the design stage so they could be addressed early in the development process.  Understanding the communication channels in a system as well as trust boundaries between parts of the system is critical to creating secure applications.  This applies to RFID systems, Web 2.0 mashups, software as a service (SaaS) and smartphone applications – any system that is composed of multiple independent subsystems.

Here are some photos of different aspects of the RFID tracking system:

The tracking wristband

A closed location station.

Identifying a user to the location station.

Contact us for help developing security-critical applications.



About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry-leading application vulnerability management platform.

2 Responses to “Threat Modeling: RFID Integration for Morgan’s Wonderland”

  1. Louis Parker

    I’m interested in discussing similar RFID integration projects with your partner, RFIDTec. How can I contact them?
