3.6 KiB
3.6 KiB
| Stages | Sneaker company |
| I. Define business and security objectives | Make 2-3 notes of specific business requirements that will be analyzed. - Will the app process transactions? - Does it do a lot of back-end processing? - Are there industry regulations that need to be considered? |
| II. Define the technical scope | List of technologies used by the application: - Application programming interface (API) - Public key infrastructure (PKI) - SHA-256 - SQL Write 2-3 sentences (40-60 words) that describe why you choose to prioritize that technology over the others. |
| III. Decompose application | Sample data flow diagram |
| IV. Threat analysis | List 2 types of threats in the PASTA worksheet that are risks to the information being handled by the application. - What are the internal threats? - What are the external threats? |
| V. Vulnerability analysis | List 2 vulnerabilities in the PASTA worksheet that could be exploited. - Could there be things wrong with the codebase? - Could there be weaknesses in the database? - Could there be flaws in the network? |
| VI. Attack modeling | Sample attack tree diagram |
| VII. Risk analysis and impact | List 4 security controls that you’ve learned about that can reduce risk. |