Model: My security model

  Assumption: Model level assumptions
    Given Target is open to Internet
    And Target has known vulnerabilities

  Attack: Unmitigated attack
    When Attack actions are performed
    Then Attacker gains access to target

  Attack: Reconnaissance is performed on target
    When Recon actions are performed
    Then Attacker gains knowledge about vulnerabilities about target

  Attack: Exploitation
    Given Reconnaissance is performed on target
    And Recon indicated potential entry points
    When attacker exploits vulnerabilities
    Then Attacker gains access to target

  Defense: Reconnaissance activities are monitored
    Given A NOC constantly monitors public traffic
    When Attacker gains knowledge about vulnerabilities about target
    Then Security Operations Center is notified

  Policy: Company Policies

    Assumption: Tools support
      Given Company has invested in tools that help enforce the policy

    Defense: Vulnerabilities are mitigated before release to production
      Given Vulnerability scanners in CI/CD pipeline look for code level problems
      When attacker exploits vulnerabilities
      Then security controls ensure vulnerabilities cannot be exploited