Practice identifying threats and designing mitigations using structured methodologies.
- Draw a Data Flow Diagram (DFD) for:
  - Customer → Website → Database → Payment Gateway.
- Identify threats using STRIDE.
- Suggest mitigations for each threat.

- Model a REST API with authentication and sensitive data transfer.
  - Identify the attack surface (endpoints, tokens, storage).
  - Apply the PASTA or Kill Chain approach.

- Scenario: a web app deployed on Kubernetes with CI/CD.
  - Identify risks in:
    - Supply chain (malicious dependencies).
    - Misconfigurations (open S3 buckets, exposed dashboards).
    - Runtime threats (container escape).
  - Propose mitigations.
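The Kubernetes scenario above asks for risks in three classes and their mitigations. The following is an added example, not part of the exercise sheet: a small checker in Python that runs over two constructed manifests, one with the weak settings the scenario names (untrusted image, mutable tag, management service exposed, privileged container, host namespaces and host mounts) and one hardened counterpart, and reports a finding per class. The manifests, the registry allow-list `registry.internal.example/`, the placeholder digest and the check names are all assumptions made for illustration.

```python
"""Risk checks over Kubernetes manifests for the three classes in the exercise:
supply chain, misconfiguration and runtime (container escape). Added example,
not from the exercise sheet; the manifests, the registry allow-list and the
placeholder digest are constructed assumptions."""

TRUSTED_REGISTRIES = ("registry.internal.example/",)   # assumed allow-list
PLACEHOLDER_DIGEST = "sha256:" + "0" * 64               # stands in for a real image digest

# Constructed manifests: a weak Deployment/Service pair and a hardened one.
WEAK = [
    {"kind": "Deployment", "metadata": {"name": "webapp"},
     "spec": {"template": {"spec": {
         "hostPID": True,
         "containers": [{
             "name": "web",
             "image": "docker.io/example/webapp:latest",
             "securityContext": {"privileged": True},
             "volumeMounts": [{"name": "host", "mountPath": "/host"}]}],
         "volumes": [{"name": "host", "hostPath": {"path": "/"}}]}}}},
    {"kind": "Service", "metadata": {"name": "admin-dashboard"},
     "spec": {"type": "LoadBalancer", "ports": [{"name": "dashboard", "port": 8443}]}},
]
HARDENED = [
    {"kind": "Deployment", "metadata": {"name": "webapp"},
     "spec": {"template": {"spec": {
         "containers": [{
             "name": "web",
             "image": f"registry.internal.example/webapp@{PLACEHOLDER_DIGEST}",
             "securityContext": {"privileged": False, "runAsNonRoot": True,
                                 "allowPrivilegeEscalation": False,
                                 "readOnlyRootFilesystem": True}}]}}}},
    {"kind": "Service", "metadata": {"name": "admin-dashboard"},
     "spec": {"type": "ClusterIP", "ports": [{"name": "dashboard", "port": 8443}]}},
]


def _pod_spec(obj):
    """Pod template spec of a workload object, or {} for non-workload kinds."""
    return obj.get("spec", {}).get("template", {}).get("spec", {})


def check_supply_chain(obj):
    """Malicious-dependency risk: image from an untrusted registry or a mutable tag."""
    out = []
    for c in _pod_spec(obj).get("containers", []):
        img = c["image"]
        if not img.startswith(TRUSTED_REGISTRIES):
            out.append(("supply-chain", c["name"], f"image '{img}' not from an allow-listed registry"))
        if "@sha256:" not in img:
            out.append(("supply-chain", c["name"], "image not pinned by digest"))
    return out


def check_misconfiguration(obj):
    """Weak defaults: management port reachable from outside, root or escalatable containers."""
    out = []
    if obj.get("kind") == "Service" and obj["spec"].get("type") in ("LoadBalancer", "NodePort"):
        for p in obj["spec"].get("ports", []):
            if p.get("name") in ("dashboard", "admin"):
                out.append(("misconfiguration", obj["metadata"]["name"],
                            f"management port {p['port']} exposed outside the cluster"))
    for c in _pod_spec(obj).get("containers", []):
        sc = c.get("securityContext", {})
        if not sc.get("runAsNonRoot"):
            out.append(("misconfiguration", c["name"], "runAsNonRoot not set"))
        if sc.get("allowPrivilegeEscalation", True):   # Kubernetes default is allowed
            out.append(("misconfiguration", c["name"], "allowPrivilegeEscalation not disabled"))
    return out


def check_runtime(obj):
    """Container-escape enablers: privileged mode, shared host namespaces, hostPath mounts."""
    out = []
    spec = _pod_spec(obj)
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(flag):
            out.append(("runtime", obj["metadata"]["name"], f"{flag} shares a host namespace"))
    for v in spec.get("volumes", []):
        if "hostPath" in v:
            out.append(("runtime", obj["metadata"]["name"], f"hostPath mount of {v['hostPath']['path']}"))
    for c in spec.get("containers", []):
        if c.get("securityContext", {}).get("privileged"):
            out.append(("runtime", c["name"], "privileged container"))
    return out


def assess(objects):
    """Run all three checks over a list of manifest objects; returns (class, where, message) tuples."""
    findings = []
    for obj in objects:
        findings += check_supply_chain(obj) + check_misconfiguration(obj) + check_runtime(obj)
    return findings


if __name__ == "__main__":
    for cls, where, msg in assess(WEAK):
        print(f"[{cls}] {where}: {msg}")
    print("hardened manifest findings:", assess(HARDENED))
```

Each finding maps directly to a mitigation for the exercise: pin images by digest from an allow-listed registry (supply chain), keep management services on `ClusterIP` and run containers as non-root without privilege escalation (misconfiguration), and drop `privileged`, host namespaces and `hostPath` mounts (runtime). The same checks can be wired into the CI/CD stage so a manifest that regresses on any of them fails the pipeline before deployment.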
- Data flow diagrams.
- Threat list.
- Mitigation strategies linked to security principles.
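The first exercise (DFD, STRIDE, mitigations) and the expected outputs listed above can be worked mechanically once the DFD is expressed as data. The following is an added example in Python, not part of the exercise sheet: it encodes the Customer → Website → Database → Payment Gateway flow as elements and flows with trust zones, applies STRIDE-per-element (the standard mapping of threat categories to external entities, processes, data stores and data flows), marks flows that cross a trust boundary, and produces a threat list in which every entry carries a mitigation tied to a security principle. The trust zones, the data carried on each flow and the mitigation catalogue are assumptions chosen for illustration.

```python
"""STRIDE-per-element threat enumeration over a small Data Flow Diagram.

Added example (not from the exercise sheet). The elements, trust zones and the
mitigation catalogue below are assumptions made to illustrate the method.
"""
from dataclasses import dataclass

# STRIDE-per-element: threat categories that apply to each DFD element kind
# (S=Spoofing, T=Tampering, R=Repudiation, I=Information disclosure,
#  D=Denial of service, E=Elevation of privilege).
STRIDE_PER_ELEMENT = {
    "external": "SR",
    "process": "STRIDE",
    "store": "TRID",
    "flow": "TID",
}

# Mitigation catalogue (assumed): each category -> (control, security principle).
MITIGATIONS = {
    "S": ("Strong authentication (MFA for customers, mTLS between services)", "Authentication / complete mediation"),
    "T": ("Integrity protection (TLS, signed requests, parameterised queries)", "Integrity"),
    "R": ("Tamper-evident audit logging with synchronised clocks", "Accountability / non-repudiation"),
    "I": ("Encrypt in transit and at rest; retain only the data needed", "Confidentiality / data minimisation"),
    "D": ("Rate limiting, quotas and redundancy", "Availability / fail-safe defaults"),
    "E": ("Least-privilege service accounts and strict input validation", "Least privilege"),
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # external | process | store
    zone: str   # trust zone the element sits in (assumed)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str   # what travels on the flow (assumed)


@dataclass(frozen=True)
class Threat:
    target: str
    category: str
    crosses_boundary: bool
    mitigation: str
    principle: str


# Constructed DFD for the exercise's flow.
ELEMENTS = [
    Element("Customer", "external", "internet"),
    Element("Website", "process", "dmz"),
    Element("Database", "store", "internal"),
    Element("Payment Gateway", "external", "third-party"),
]
FLOWS = [
    Flow("Customer", "Website", "credentials + order"),
    Flow("Website", "Database", "order record"),
    Flow("Website", "Payment Gateway", "card token"),
    Flow("Payment Gateway", "Website", "payment result"),
]


def enumerate_threats(elements, flows):
    """Apply STRIDE-per-element to every element and flow of the DFD."""
    zone_of = {e.name: e.zone for e in elements}
    threats = []
    for e in elements:
        for cat in STRIDE_PER_ELEMENT[e.kind]:
            control, principle = MITIGATIONS[cat]
            threats.append(Threat(e.name, cat, False, control, principle))
    for f in flows:
        crosses = zone_of[f.src] != zone_of[f.dst]   # trust boundary crossing
        for cat in STRIDE_PER_ELEMENT["flow"]:
            control, principle = MITIGATIONS[cat]
            threats.append(Threat(f"{f.src} -> {f.dst} [{f.data}]", cat, crosses, control, principle))
    return threats


def threat_list():
    """Threat list for the exercise DFD, boundary-crossing flows first."""
    return sorted(enumerate_threats(ELEMENTS, FLOWS), key=lambda t: not t.crosses_boundary)


if __name__ == "__main__":
    for t in threat_list():
        marker = "!" if t.crosses_boundary else " "
        print(f"{marker} {t.category} {t.target:45} -> {t.mitigation} [{t.principle}]")
```

The boundary-crossing flag is what turns a flat STRIDE list into a prioritised one: every flow in this DFD crosses a zone, so all twelve flow threats sort to the top, while the per-element threats (for example the four T/R/I/D entries on the Database) follow. Replacing `ELEMENTS` and `FLOWS` with the REST API model from the second exercise reuses the same enumeration unchanged.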