From the course: Ethical Hacking: Vulnerability Analysis
Solution: Threat modeling exercise
(upbeat music) - [Instructor] Okay, now let's check our work. You were to look at the data flow diagram and then using the STRIDE method indicate some areas where we might see some threats. Well, starting at the browser, an attacker could pose as the web application and spoof the client, which would allow them to obtain the client credentials. And this could happen in a man-in-the-middle attack. To mitigate this threat, provide ways to authenticate the server prior to the transaction. With the web application, information disclosure can occur if someone were to sniff the unencrypted traffic by using something such as Wireshark. As the traffic passes from the application to the client, they might be able to obtain credentials or other sensitive information. Now, this could be mitigated by simply using encryption, and the SQL database would have a potential threat of tampering by using an SQL injection attack where malicious code is passed to the server to read contents or to modify the…
Contents
Risks threats and vulnerabilities (4m 16s)
Recognizing common vulnerabilities (5m 41s)
Classifying vulnerabilities (5m 3s)
Assessing vulnerabilities (5m 41s)
Vulnerability management life cycle (4m 44s)
Modeling threats (4m 8s)
Challenge: Threat modeling exercise (2m 40s)
Solution: Threat modeling exercise (2m 22s)