Threat Modelling & Risk Management
Identifying potential threats before writing a single line of code.
STRIDE Methodology
Spoofing
Pretending to be something/someone else.
Tampering
Modifying data or code.
Repudiation
Claiming not to have performed an action.
Information Disclosure
Exposing data to unauthorized users.
Denial of Service
Preventing valid access to resources.
Elevation of Privilege
Gaining higher access rights than authorized.
Risk Management
Not all vulnerabilities need to be fixed immediately. Risk management involves assessing the Likelihood and Impact of a threat to prioritize remediation efforts based on business context.