Chapter 2. Using Threat Models for Security Testing

In this chapter:
Threat Modeling
How Testers Can Leverage a Threat Model
Data Flow Diagrams
Enumeration of Entry Points and Exit Points
Enumeration of Threats
How Testers Should Use a Completed Threat Model
Implementation Rarely Matches the Specification or Threat Model
Summary

As demonstrated in the combination lock example in Chapter 1, it is important to really understand how something works to identify potential security issues. Threat modeling is a process that can be used to outline how a piece of software works, what the software interacts with, and how data enters and leaves the software or part of the software and to enumerate potential security threats. In the lock example, we discussed how ...

Get Hunting Security Bugs now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Hunting Security Bugs by Bryan Jeffries, Tom Gallagher, Lawrence Landauer

Chapter 2. Using Threat Models for Security Testing

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly