Order ready-to-submit essays. No Plagiarism Guarantee!
Note: All our papers are written from scratch by human writers to ensure authenticity and originality.
Task 1:
Check your essay before you submit. See exactly what your professor sees.
See your AI and plagiarism results before your instructor does.Get the exact same report your professor uses. Trusted by 50,000+ students worldwide.
Discuss at least one of the ways to test a threat mitigation.(one page only with references and APA format,plagarism free)(reference file attached below)
Task 2:
Write a 3 pages paper.
Discuss the following:
1. The process and skills required to test threat mitigations.
Your responses must be complete, detailed and in APA format,references and plagarism free.
**pls refer below attached file for reference.
ISOL 536 Security Architecture and Design
Threat Modeling Session 9a
“Check Your Work”
Agenda
• Testing software you make
• Testing software you acquire
• QA’ing your threat modeling work
• Reading: Chapter 10
Context
All testing
Security testing
Threat model- driven testing
Testing Software You Make
• All threats you find can be tested • In agile shops that rely on Test-Driven
Development (TDD), threat modeling is a great way to design tests – Two tests per threat
• One for no mitigation case • One that attempts to bypass mitigation
• Start with a test to execute the threat • Continue with tests that bypass mitigations (aka
2nd order attacks) • Automation vs manual
Penetration Testing
• Aka “ethical hacking,” “red teaming”
• Improve the security of your code by breaking it
• Differs from threat modeling
– Done late
– Hard to judge scope
– Sometimes “black box” where testers start without knowledge of system
Testing Software You Acquire
• Build a software model
– Use the documentation and actual software
– See if they include a threat model or security operations guide
• Look for threats
• Address the issues you find
Build a Software Model
• Components – Start with the binaries, databases, dependencies
– Some will likely merge into a single process for threat modeling purposes
• Trust boundaries – Account(s) used
– Sockets, RPC (data flow ends)
– Admin interfaces
• Look at platform changes on install
• Diagram as you find things
Look for Threats
• Use the model you’ve created
• This is similar to looking for threats in any other software
– You’re less familiar with it
– It may include relevant documentation
– (If not, what does that tell you?)
• Use STRIDE, CAPEC, attack trees, etc.
Address the Issues You Find
• Ask the creator to fix them – Be ready to discuss views of requirements, tradeoffs – Some backwards vendors will threaten you (this is a
red flag they don’t understand security) – Generally the least investment if the vendor will fix
them
• Look for an alternative – Easier if you TM early
• Mitigate yourself – Using operational security techniques from earlier
classes on “what to do about it”
QA’ing the Threat Modeling Process
• Another aspect of checking your work
• Check software model/reality conformance
• Check that each task and process is done
• Bug checking: Look at each TM bug
– Is it closed properly (fixed, not wontfix)?
– Is there a test case?
– Tags on bugs really helpful here
Recap
• Testing software you make
• Testing software you acquire
• Knowing when you’re done


