Security Architecture and Design Threat Modeling

Finding_Threats_Week3_Instructions.pdf

Threat Modeling Session 2a

Assignment

This week’s assignment

• Read chapter 2

– Review Chapter 1: Figure 1-3, page 7

• Download the “Elevation of Privilege” game

• Pick your card

• Discuss

– Describe your card and how it applies to the class system

Read chapters 1 and 2

• This week’s assignment refers to figure 1-3, on page 7

– This can represent many types of applications

– Let’s assume this is an online shopping application

[Figure 1-3 (diagram): Web browser, Web server, Business logic, Database; Corporate data center, Web storage (offsite); numbered labels 1-7]

Elevation of Privilege (EoP) game

• Pages 7-9, Appendix D

• Download from

– http://Microsoft.com/security/sdl/adopt/eop.aspx

• Learn the game basics

• Review the cards

– Either print the cards you downloaded or refer to Appendix D

Discussion steps

• Step 1 – Pick your EoP card

– Select any “card” from any “suit” from the EoP card deck

• Step 2 – Online discussion

– Create a posting that describes your card, why you chose it, and how the threat affects our application.

• Step 3 – Comment on AT LEAST 2 other student posts

– Substantive comments

• In summary

– You will post AT LEAST 3 times (1 original and 2 comments)