401 Class 29: Modeling a Web Application - nataliabdallah/codefellows-ops-reading-notes GitHub Wiki


Reading Application Threat Modeling

A Beginners Guide To The STRIDE Security Threat Model

Explain threat modeling using real-world non-technical examples.

  • Threat modeling seeks out vulnerabilities and creates or re-creates attack scenarios so the team can train for when a real attack happens. If done right, an attack will be like any other Monday, and there will be fewer attacks, because you are playing devil's advocate and can beat any bad actor to the punch.

What are the four questions that can help us organize threat modeling?

  1. What are we working on?
  2. What can go wrong?
  3. What are we going to do about it?
  4. Did we do a good job?

You are the project lead for a new application. How would you explain the benefits of Threat Modeling to the rest of the team?

  • You never rise to the occasion; you fall to your preparation!

Bookmark and Review

Threat Modeling Security Fundamentals