---

| | |
| --- | --- |
| **Stages** | **Sneaker company** |
| I. Define business and security objectives | Make 2-3 notes of specific business requirements that will be analyzed.<br><br>- Will the app process transactions?<br>- Does it do a lot of back-end processing?<br>- Are there industry regulations that need to be considered? |
| II. Define the technical scope | List of technologies used by the application:<br><br>- Application programming interface (API)<br>- Public key infrastructure (PKI)<br>- SHA-256<br>- SQL<br><br>Write 2-3 sentences (40-60 words) that describe why you choose to prioritize that technology over the others. |
| III. Decompose application | [Sample data flow diagram](https://docs.google.com/presentation/d/1ol7y79popTFfNHM-90ES-H-i1Lpd0YNvPShxBlXozjg/template/preview?resourcekey=0-DZAkf7Vzh2PXsP-j3oXV-g) |
| IV. Threat analysis | List 2 types of threats in the PASTA worksheet that are risks to the information being handled by the application.<br><br>- What are the internal threats?<br>- What are the external threats? |
| V. Vulnerability analysis | List 2 vulnerabilities in the PASTA worksheet that could be exploited.<br><br>- Could there be things wrong with the codebase?<br>- Could there be weaknesses in the database?<br>- Could there be flaws in the network? |
| VI. Attack modeling | [Sample attack tree diagram](https://docs.google.com/presentation/d/1FmWLyHgmq9XQoVuMxOym2PHO8IuedCkan4moYnI-EJ0/template/preview?usp=sharing&resourcekey=0-zYPY7AhPJdcClXamlAfOag) |
| VII. Risk analysis and impact | List 4 security controls that you’ve learned about that can reduce risk. |

---