Finding_Threats_Week3_Instructions.pdf  – EoP Discussion.  This is a discussion of threat modeling using the Elevation of Privilege game. 

This discussion is required.  Each of you will choose an EoP card, and then create a post describing your card, why you chose it, and how the threat affects our application. Then, post your comments on at least 2 other students’ posts. 

Step 1 – Pick your EoP card. Select any “card” from any “suit” from the EoP card deck.
Step 2 – Online discussion – create a posting that describes your card, why you chose it, and how the threat affects our application.
Step 3 – Comment on AT LEAST 2 other student posts – Substantive comments

Threat Modeling Session 2a

Assignment

This week’s assignment

• Read chapter 2

– Review Chapter 1: Figure 1-3, page 7

• Download the “Elevation of Privilege” game

• Pick your card

• Discuss

– Describe your card and how it applies to the class system

Read chapters 1 and 2

• This week’s assignment refers to figure 1-3, on page 7

– This can represent many types of applications

– Let’s assume this is an online shopping application

[Figure: application diagram labeled Web browser, Web server, Business logic, Database, Corporate data center, and Web storage (offsite), with numbered markers 1 through 7]

Elevation of Privilege (EoP) game

• Pages 7-9, Appendix D

• Download from

– http://Microsoft.com/security/sdl/adopt/eop.aspx

• Learn the game basics

• Review the cards

– Either print the cards you downloaded or refer to Appendix D

Discussion steps

• Step 1 – Pick your EoP card

– Select any “card” from any “suit” from the EoP card deck

• Step 2 – Online discussion

– Create a posting that describes your card, why you chose it, and how the threat affects our application.

• Step 3 – Comment on AT LEAST 2 other student posts

– Substantive comments

• In summary

– You will post AT LEAST 3 times (1 original and 2 comments)