Step 5: Threat-Model the Vulnerabilities
Chapter 14 and Chapter 15 discuss how to use threat modeling to determine the security vulnerabilities of a system. Threat modeling can be done during any phase of the project, but there are definite advantages to doing it during the design phase of the system. It commonly follows a set course:
1. Identify who the potential intruders are.
2. Brainstorm the ways an intruder could attack the system, and generate a list of vulnerabilities.
3. Rank the vulnerabilities by decreasing risk, where risk is equal to damage potential and chance of attack.
4. Choose the action to take for each vulnerability. For high-risk vulnerabilities, this means fixing the problem or changing the architecture so that the vulnerability is removed. ...