TYCON
Description: Coding, Writing, Exploring New Technologies...
We tend to associate security with specific technologies–encryption, VPNs, authentication protocols, but no single technology guarantees security; attacks come from many different directions and target the least suspected of vulnerabilities. We need to make our best effort to ensure comprehensive protection. To achieve that end, threat modeling is an essential first step. While threat modeling might sound rather academic, it is in fact entirely practical and something you can and certainly should apply in y
To gain a broad view of threat modeling apart from specific technologies, it’s worth taking a step back and realizing threat modeling has its origins in the military dating back long before the computer age. When Sun Tzu wrote in the fifth century BC that “if you know the enemy and know yourself, you need not fear the result of a hundred battles,” he was extolling the value of threat modeling. In explaining that “first comes scoping, then measurement, then calculation, then balancing and finally victory,” S
In the field of computer security, threat modeling achieves comprehensiveness through abstractions, beginning with broad categories of threats and system architectures rather than implementation details or concrete attacks. Such abstraction encourages us to think through a broad array of threats and prevents us from getting caught up in a small number of specific threats. It prevents us from building multiple layers of mitigation against one threat while ignoring others. Threat modeling promotes comprehensi
TYCON