Finding_Threats_Week3_Instructions.pdf – EoP Discussion. This is a discussion of threat modeling using the Elevation of Privilege game.
This discussion is required. Each of you will choose an EoP card, and then create a post describing your card, why you chose it, and how the threat affects our application. Then, post your comments on at least 2 other students’ posts.
Step 1 – Pick your EoP card. Select any “card” from any “suit” from the EoP card deck.
Step 2 – Online discussion – create a posting that describes your card, why you chose it, and how the threat affects our application.
Step 3 – Comment on AT LEAST 2 other student posts – Substantive comments
Threat Modeling Session 2a
Assignment
This week’s assignment
• Read chapter 2
– Review Chapter 1: Figure 1-3, page 7
• Download the “Elevation of Privilege” game
• Pick your card
• Discuss
– Describe your card and how it applies to the class system
Read chapters 1 and 2
• This week’s assignment refers to figure 1-3, on page 7
– This can represent many types of applications
– Let’s assume this is an online shopping application
[Figure 1-3 diagram. Labels: Web browser, Web server, Business logic, Database; Corporate data center; Web storage (offsite); items numbered 1 to 7]
Elevation of Privilege (EoP) game
• Pages 7-9, Appendix D
• Download from
– http://Microsoft.com/security/sdl/adopt/eop.aspx
• Learn the game basics
• Review the cards
– Either print the cards you downloaded or refer to Appendix D
Discussion steps
• Step 1 – Pick your EoP card
– Select any “card” from any “suit” from the EoP card deck
• Step 2 – Online discussion
– Create a posting that describes your card, why you chose it, and how the threat affects our application.
• Step 3 – Comment on AT LEAST 2 other student posts
– Substantive comments
• In summary
– You will post AT LEAST 3 times (1 original and 2 comments)