From the course: Ethical Hacking: Vulnerability Analysis
Solution: Threat modeling exercise
(upbeat music) - [Instructor] Okay, now let's check our work. You were to take a look at this data flow diagram and determine where you might see some threats. So for the browser threats, an attacker could pose as the web application or spoof the client, which could allow them to obtain the client credentials, and this could happen in a man-in-the-middle attack. With the web application, information disclosure can occur if someone were to sniff the unencrypted traffic by using something such as Wireshark. As that traffic passed from the application to the client, they might be able to obtain credentials and other sensitive information. Now, this could be mitigated by simply using encryption. And of course, the SQL database would have a potential threat of an SQL injection. Now, this is an attack where malicious code is passed to the server in order to read contents or modify the database. And with the authorization…