ASSETS
What are we trying to protect?
- SOFTWARE ARCHITECTURE OVERVIEW
o COMPONENT DIAGRAM
Component diagram illustrates the structure of arbitrarily complex systems
o DATA FLOW DIAGRAM
Data Flow Diagram is a graphical representation of the "flow" of data through an information system, modelling its process aspects
o TRUST BOUNDARIES
Trust boundary refers to a boundary where program data or execution changes its level of "trust”
- DECOMPOSE SOFTWARE
o SEQUENCE DIAGRAM
A Sequence diagram is an interaction diagram that shows how processes operate with one another and in what order
o POTENTIAL AREAS OF INTEREST
Potential entry point to the application
- IDENTIFY THREATS
o ATTACKER
A person who uses computers to gain unauthorized access to data
o ATTACK TREE
Attack trees are conceptual diagrams showing how an asset, or target, might be attacked
o STRIDE AND DREAD
§ STRIDE
STRIDE = (Spoofing Identify + Data Tampering + Repudiation + Information Disclosure + Denial of Service + Privilege Escalation)
STRIDE is a classification scheme for characterizing known threats according to the kinds of exploit that are used (or motivation of the attacker)
§ DREAD
DREAD = (Damage + Reproducibility + Exploitability + Affected Users + Discoverability)
DREAD is a classification scheme for quantifying, comparing and prioritizing the amount of risk presented by each evaluated threat
- REMEDIATION PLAN
Plan to perform the remediation of one or more threats or vulnerabilities facing an organization’s systems.
Source: https://www.youtube.com/watch?v=IC5y7vk5YcQ
Source: https://www.youtube.com/watch?v=IC5y7vk5YcQ
No comments:
Post a Comment