mirror of
https://github.com/jackyzha0/quartz.git
synced 2025-12-27 14:54:05 -06:00
1.7 KiB
1.7 KiB
| title | aliases | tags | ||
|---|---|---|---|---|
| 21-SE-in-IA-2 |
|
need in all phases
- often overlooked in feasability stages
- security requirements not defined
- built without thinking about security
- tests do not take security into account
- without security evolution can become cumbersome
more costly to fix bug in development than in design
- the later we fix it the more costly it is
from the start
- hire right people
- with hacking mindset
- so they alwasys think about security
- invite customers to training and seminars
- testing could uncover security issues
questions during feasability
- what are the implications for users if assets are lost
- some information is more high risk that other information
during design
- should be designed in iterative manner
- threat modelling
- Data Flow Diagram (DFD)
- high or low level
- want to be nimble
- dont want to go overboard
- potential threats
- STRIDE
- can identify parts system using DFD that are threatened by these things
- defines the potential dcisions that are performed by the attacker
- risk = criticality * likligood of occurance
- should be consistent
- can also use DREAD
example
responsing to threats
- do nothing
- inform user
- remove problem
- fix problem