Home
ninabarzh edited this page Jan 24, 2022 · 5 revisions
Applications in general, and software development more broadly, require software-based threat modelling ("a structured approach that enables you to identify, quantify, and address the security risks associated with an application").
This wiki contains some simplified and generalised notes on how to identify resources that need protection (assets), document security assumptions, identify attack surface and input and output attack vectors, and how to combine these vectors into attack trees (scenarios) with suggestions on possibly useful mitigations.