From the course: Learning Threat Modeling for Security Professionals

Did we do a good job?

- So, I've discovered a few threats, filed some bugs, and we're done threat modeling, right? Not quite. We want to take a minute and reflect on the fourth major question in threat modeling: did we do a good job? It's important to reflect on, both because we want to do a good job and so you know you're done. How can you know if you're half finished? How can you tell your boss, your scrum master, or anyone else that you've done the work? As a result, the very first part of this is, is the work done? Are there clear answers to the questions which frame threat modeling? Those questions are: what are we working on, what can go wrong, what are we doing about it? Are there clear answers? If not, there's work to be done. If there are, then it makes sense to check on a few more things. When looking at what can go wrong, it's important to look for each STRIDE threat across each part of the diagram, or each part of the diagram that's inside relevant trust boundaries. Therefore, the next question…
