Threat modelling is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified and enumerated, and mitigations can be prioritised.

  • What can an attacker do within their budget?
  • How likely is an attack to be caught?

  • It is very difficult (near impossible) to make something impossible to break into
  • Security is about making it hard

Some framework models exist, such as STRIDE. However, be sure to keep an open mind, so as not to restrict ourselves to only the areas within the scope of these frameworks.


Legacy Systems

Legacy systems can often be found lying around, and they often have vulnerabilities.
However, due to time and resource allocation, these issues are often left unfixed, as there are more important developments going on (i.e. developing the current system).