Friday, 30 June 2023

Threat Modelling

Threat Modelling

Step 1 - Identifying Threats:
  • Focused on potential attackers
  • Focused on safeguarding assets
  • Focused on system or software vulnerabilities
Step 2 - Categorising Threats:
  • Utilising STRIDE framework: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service (DoS), Elevation of Privilege
Step 3 - Determining and Illustrating Potential Attacks:
  • Employing data flow diagrams, delineating privilege boundaries, and identifying involved elements
Step 4 - Performing Reduction Analysis:
  • Decomposing the application, system, or environment
  • Considering trust boundaries, security stance and approach, data flow paths, privilege operations, and input points
Step 5 - Prioritisation and Response:
  • Assessing threats using the DREAD rating system
  • Evaluating Damage potential, Reproducibility, Exploitability, Affected Users, and Discoverability
  • Responding to threats in prioritized order

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

EchoLeak Vulnerability Exposes Microsoft 365 Copilot to Zero-Click Data Theft

🚨 Critical Alert: A wake-up call for AI security in enterprise environments Microsoft has just patched a critical vulnerability that shoul...