
Security


OWASP Top Ten

Node

Express middlewares

Threat modelling

STRIDE

| Threat | Desired property |
| --- | --- |
| Spoofing | Authenticity |
| Tampering | Integrity |
| Repudiation | Non-repudiability |
| Information disclosure (privacy breach or data leak) | Confidentiality |
| Denial of Service | Availability |
| Elevation of Privilege | Authorisation |

Attack tree

Attack trees are conceptual diagrams showing how an asset, or target, might be attacked. Attack trees have been used in a variety of applications. In the field of information technology, they have been used to describe threats on computer systems and possible attacks to realize those threats. However, their use is not restricted to the analysis of conventional information systems. They are widely used in the fields of defense and aerospace for the analysis of threats against tamper-resistant electronics systems (e.g., avionics on military aircraft).[1] Attack trees are increasingly being applied to computer control systems (especially relating to the electric power grid).[2] Attack trees have also been used to understand threats to physical systems.
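
How an attack tree is evaluated during threat modelling, as an added example that is not part of the original notes. The tree, its AND/OR node types and the cost estimates are constructed for illustration, and `cheapest` and `buildTree` are hypothetical names.

```javascript
// Added example: constructed tree, illustrative cost estimates (assumptions).
// OR node: any one child achieves the goal. AND node: every child is needed.

// Cheapest way to reach `node`: returns { cost, path } where path lists leaves.
function cheapest(node) {
  if (!node.children) {
    // A leaf blocked by a control is treated as infeasible.
    return { cost: node.mitigated ? Infinity : node.cost, path: [node.name] };
  }
  if (node.children.length === 0) throw new Error(`empty node: ${node.name}`);
  const results = node.children.map(cheapest);
  if (node.type === 'AND') {
    return {
      cost: results.reduce((sum, r) => sum + r.cost, 0),
      path: results.flatMap((r) => r.path),
    };
  }
  if (node.type !== 'OR') throw new Error(`unknown node type: ${node.type}`);
  return results.reduce((best, r) => (r.cost < best.cost ? r : best));
}

// Builds the sample tree; `mitigated` names the leaves a control has closed.
function buildTree(mitigated = []) {
  const leaf = (name, cost) => ({ name, cost, mitigated: mitigated.includes(name) });
  return {
    name: 'Read customer records',
    type: 'OR',
    children: [
      {
        name: 'Log in as staff',
        type: 'AND',
        children: [leaf('Obtain staff password', 20), leaf('Pass second factor', 60)],
      },
      leaf('Use unpatched admin service', 50),
      leaf('Access unencrypted backup', 30),
    ],
  };
}

// Baseline, then the same tree after backups are encrypted.
for (const controls of [[], ['Access unencrypted backup']]) {
  const { cost, path } = cheapest(buildTree(controls));
  console.log(`controls=${JSON.stringify(controls)} cost=${cost} via ${path.join(' + ')}`);
}
```

Re-running `cheapest` with each candidate control in turn shows which one raises the cost of the cheapest remaining path the most.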

DREAD

DREAD is part of a system for risk-assessing computer security threats that was previously used at Microsoft. Although it is currently used by OpenStack and other corporations, it was abandoned by its creators [1]. It provides a mnemonic for risk rating security threats using five categories.

The categories are:

  • Damage – how bad would an attack be?
  • Reproducibility – how easy is it to reproduce the attack?
  • Exploitability – how much work is it to launch the attack?
  • Affected users – how many people will be impacted?
  • Discoverability – how easy is it to discover the threat?