by baby
1957 days ago
I really don't like it. Personally, I think it isn't hard to threat model your system:

1. break down your systems into smaller units
2. for each unit, figure out:
   - what attackers are after (e.g. stealing a database)
   - what attackers can do (e.g. infiltrate the network)
   - what's the likelihood of each attack and scenario you can think about, along with the impact
   - what you've done to prevent it (and is it good enough?)
   - what you've done to detect it (and is it good enough?)
   - what you would do to respond to a successful attack (and, is it good enough?)