Please enable JavaScript.

Coggle requires JavaScript to display documents.

Threat Modeling (Why impt? (better coverage in testing (testing all the…

- - - - 1) doc each component
        2) Develop data flow diagrams, show how components interact
        3) Privileges boundaries identified, ensure proper controls are in place for any data crossing these boundaries
    - - develop threats for each portion of application
      - link each threats to the components
      - rank them by means of objective measure of severity
- - - - a list of every entrypoint
      - enable burp proxy
    - - write down every asset
        
        user PII and passwords
        
        admin panel acess
        
        transaction histories
        
        source code
        
        database credentials
    - - rank entrypoints order of perceived value
        
        eg. Entrypoint takes little to no user data likely less valuable
        
        CSRF on any page for end-users give you nothing