Threat Modeling

  1. Domain-Specific Threat Modeling
    1. Web Applications
      1. Common Web Threats
        1. Cross-Site Scripting
          1. SQL Injection
            1. Cross-Site Request Forgery
              1. Authentication Bypass
              2. Web-Specific Controls
                1. Content Security Policy
                  1. Secure Headers
                    1. Session Management
                  2. Mobile Applications
                    1. Platform-Specific Threats
                      1. iOS Security Model
                        1. Android Security Model
                        2. Mobile Data Protection
                          1. Data at Rest
                            1. Data in Transit
                              1. App Store Security
                            2. Cloud Infrastructure
                              1. Infrastructure as a Service Threats
                                1. Platform as a Service Threats
                                  1. Software as a Service Threats
                                    1. Shared Responsibility Model
                                      1. Provider Responsibilities
                                        1. Customer Responsibilities
                                      2. Internet of Things and Embedded Systems
                                        1. Device Constraints
                                          1. Limited Processing Power
                                            1. Memory Limitations
                                            2. Physical Security Considerations
                                              1. Tamper Resistance
                                                1. Side-Channel Attacks
                                              2. Machine Learning and AI Systems
                                                1. Model Poisoning
                                                  1. Data Integrity Attacks
                                                    1. Adversarial Examples
                                                      1. Privacy Attacks

                                                    Previous

                                                    7. Integrating Threat Modeling into the Development Lifecycle

                                                    Go to top

                                                    Next

                                                    9. Tooling and Automation