Update nexus: fix conflicts and sync local changes
@@ -1,72 +1,72 @@
|
||||
# Threat Modeling
|
||||
|
||||
## Definition
|
||||
Threat Modeling is a structured approach for identifying and prioritizing potential threats to a system, and determining the value that potential mitigations would have in reducing or neutralizing those threats.
|
||||
|
||||
## Concept
|
||||
威胁建模是一种系统化的方法,用于识别和优先处理系统的潜在威胁,并确定潜在缓解措施在减少或消除这些威胁方面的价值。
|
||||
|
||||
## When to Perform
|
||||
|
||||
### Design Phase (Shift-Left)
|
||||
- 新系统架构设计时
|
||||
- 重大功能变更时
|
||||
- 系统集成前
|
||||
|
||||
### Development Phase
|
||||
- 安全编码时
|
||||
- 安全评审时
|
||||
|
||||
### Operations Phase (Shift-Right)
|
||||
- 定期复审
|
||||
- 重大安全事件后
|
||||
- 系统退役评估
|
||||
|
||||
## Process (STRIDE Framework)
|
||||
|
||||
### S - Spoofing(欺骗)
|
||||
伪造身份,如会话劫持
|
||||
|
||||
### T - Tampering(篡改)
|
||||
修改数据或代码
|
||||
|
||||
### R - Repudiation(抵赖)
|
||||
否认执行的操作
|
||||
|
||||
### I - Information Disclosure(信息泄露)
|
||||
未授权访问敏感数据
|
||||
|
||||
### D - Denial of Service(拒绝服务)
|
||||
使系统不可用
|
||||
|
||||
### E - Elevation of Privilege(权限提升)
|
||||
获得超出预期的权限
|
||||
|
||||
## Tools
|
||||
- Microsoft Threat Modeling Tool
|
||||
- OWASP Threat Dragon
|
||||
- IriusRisk
|
||||
- draw.io + 威胁建模模板
|
||||
|
||||
## Output
|
||||
- 威胁文档
|
||||
- 风险矩阵(概率 × 影响)
|
||||
- 缓解措施清单
|
||||
- 安全需求
|
||||
|
||||
## Best Practices
|
||||
1. 从攻击者角度思考
|
||||
2. 覆盖所有信任边界
|
||||
3. 考虑依赖组件的安全
|
||||
4. 定期更新威胁模型
|
||||
5. 与安全专家协作
|
||||
|
||||
## Related Concepts
|
||||
- [[DevSecOps]] — 威胁建模是安全开发的重要实践
|
||||
- [[Shift-Left-Security]] — 早期安全分析
|
||||
- [[Zero-Trust-Architecture]] — 零信任架构
|
||||
- [[Risk-Management]] — 风险管理
|
||||
- [[Security-Design]] — 安全设计
|
||||
|
||||
## Sources
|
||||
- [[what-is-devsecops-best-practices-benefits-and-tools]]
|
||||
# Threat Modeling
|
||||
|
||||
## Definition
|
||||
Threat Modeling is a structured approach for identifying and prioritizing potential threats to a system, and determining the value that potential mitigations would have in reducing or neutralizing those threats.
|
||||
|
||||
## Concept
|
||||
威胁建模是一种系统化的方法,用于识别和优先处理系统的潜在威胁,并确定潜在缓解措施在减少或消除这些威胁方面的价值。
|
||||
|
||||
## When to Perform
|
||||
|
||||
### Design Phase (Shift-Left)
|
||||
- 新系统架构设计时
|
||||
- 重大功能变更时
|
||||
- 系统集成前
|
||||
|
||||
### Development Phase
|
||||
- 安全编码时
|
||||
- 安全评审时
|
||||
|
||||
### Operations Phase (Shift-Right)
|
||||
- 定期复审
|
||||
- 重大安全事件后
|
||||
- 系统退役评估
|
||||
|
||||
## Process (STRIDE Framework)
|
||||
|
||||
### S - Spoofing(欺骗)
|
||||
伪造身份,如会话劫持
|
||||
|
||||
### T - Tampering(篡改)
|
||||
修改数据或代码
|
||||
|
||||
### R - Repudiation(抵赖)
|
||||
否认执行的操作
|
||||
|
||||
### I - Information Disclosure(信息泄露)
|
||||
未授权访问敏感数据
|
||||
|
||||
### D - Denial of Service(拒绝服务)
|
||||
使系统不可用
|
||||
|
||||
### E - Elevation of Privilege(权限提升)
|
||||
获得超出预期的权限
|
||||
|
||||
## Tools
|
||||
- Microsoft Threat Modeling Tool
|
||||
- OWASP Threat Dragon
|
||||
- IriusRisk
|
||||
- draw.io + 威胁建模模板
|
||||
|
||||
## Output
|
||||
- 威胁文档
|
||||
- 风险矩阵(概率 × 影响)
|
||||
- 缓解措施清单
|
||||
- 安全需求
|
||||
|
||||
## Best Practices
|
||||
1. 从攻击者角度思考
|
||||
2. 覆盖所有信任边界
|
||||
3. 考虑依赖组件的安全
|
||||
4. 定期更新威胁模型
|
||||
5. 与安全专家协作
|
||||
|
||||
## Related Concepts
|
||||
- [[DevSecOps]] — 威胁建模是安全开发的重要实践
|
||||
- [[Shift-Left-Security]] — 早期安全分析
|
||||
- [[Zero-Trust-Architecture]] — 零信任架构
|
||||
- [[Risk-Management]] — 风险管理
|
||||
- [[Security-Design]] — 安全设计
|
||||
|
||||
## Sources
|
||||
- [[what-is-devsecops-best-practices-benefits-and-tools]]
|
||||
|
||||
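Review bot: The 72 lines on the old side of this hunk (from "# Threat Modeling" through the "## Sources" entry) and the 72 lines on the new side read identically as rendered, so the whole file appears to be rewritten with no visible content change. The commit message "fix conflicts and sync local changes" does not explain why. If this is a line-ending or trailing-whitespace difference, say so in the commit message and pin the normalization with a .gitattributes rule so the file stops flipping on each sync; if it is unintended, drop this file from the commit so the history keeps only real edits. Separately, the "## Concept" paragraph restates the "## Definition" sentence in a second language rather than adding a concept. Either merge the two sections or give "Concept" its own content.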