From 385a645f2b54b1b9b05cda56c6411327e1e3fb63 Mon Sep 17 00:00:00 2001 From: Zoe Braiterman Date: Fri, 27 Dec 2024 14:37:11 -0500 Subject: [PATCH] Minor fixes to the Threat Modelng Cheat Sheet --- cheatsheets/Threat_Modeling_Cheat_Sheet.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cheatsheets/Threat_Modeling_Cheat_Sheet.md b/cheatsheets/Threat_Modeling_Cheat_Sheet.md index 26a57d0b40..762a802451 100644 --- a/cheatsheets/Threat_Modeling_Cheat_Sheet.md +++ b/cheatsheets/Threat_Modeling_Cheat_Sheet.md @@ -10,7 +10,7 @@ In the context of application security, threat modeling is a structured, repeata Threat modeling is ideally performed early in the SDLC, such as during the design phase. Moreover, it is not something that is performed once and never again. A threat model is something that should be maintained, updated and refined alongside the system. Ideally, threat modeling should be integrated seamlessly into a team's normal SDLC process; it should be treated as standard and necessary step in the process, not an add-on. -According to the [Threat Model Manifesto](https://www.threatmodelingmanifesto.org/), the threat modeling process should answer the following four questions: +According to the [Threat Modeling Manifesto](https://www.threatmodelingmanifesto.org/), the threat modeling process should answer the following four questions: 1. What are we working on? 2. What can go wrong? 
@@ -23,7 +23,7 @@ These four questions will act as the foundation for the four major phases descri Before turning to an overview of the process, it may be worth addressing the question: why threat model? Why bother adding more work to the development process? What are the benefits? The following section will briefly outline some answers to these questions. -### Identify Risks Early-On +### Identify Risks Early On Threat modeling seeks to identify potential security issues during the design phase. This allows security to be "built-into" a system rather than "bolted-on". This is far more efficient than having to identify and resolve security flaws after a system is in production.
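Review bot: In the first hunk (@@ -10,7 +10,7 @@), the unchanged context line directly above the corrected link still reads "it should be treated as standard and necessary step in the process", which is missing an article. Since this commit is a wording pass over the same paragraph, change it to "treated as a standard and necessary step". The new link text "Threat Modeling Manifesto" now matches the linked domain, threatmodelingmanifesto.org. The commit subject misspells "Modeling" as "Modelng" and is worth amending before merge.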
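Review bot: In the second hunk (@@ -23,7 +23,7 @@), the paragraph under the renamed heading keeps the same kind of hyphenation that the heading fix removes. In 'This allows security to be "built-into" a system rather than "bolted-on"', both terms are used as verb phrases, so for consistency with "Early On" they should read "built into" and "bolted on".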