From 083ec3d453cd157b92529b55ab9d733c55c7a81d Mon Sep 17 00:00:00 2001 From: Zoe Braiterman Date: Sun, 29 Dec 2024 17:11:17 -0500 Subject: [PATCH] Minor fixes to the Threat Modelng Cheat Sheet (#1569) --- cheatsheets/Threat_Modeling_Cheat_Sheet.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cheatsheets/Threat_Modeling_Cheat_Sheet.md b/cheatsheets/Threat_Modeling_Cheat_Sheet.md index 26a57d0b40..762a802451 100644 --- a/cheatsheets/Threat_Modeling_Cheat_Sheet.md +++ b/cheatsheets/Threat_Modeling_Cheat_Sheet.md @@ -10,7 +10,7 @@ In the context of application security, threat modeling is a structured, repeata Threat modeling is ideally performed early in the SDLC, such as during the design phase. Moreover, it is not something that is performed once and never again. A threat model is something that should be maintained, updated and refined alongside the system. Ideally, threat modeling should be integrated seamlessly into a team's normal SDLC process; it should be treated as standard and necessary step in the process, not an add-on. -According to the [Threat Model Manifesto](https://www.threatmodelingmanifesto.org/), the threat modeling process should answer the following four questions: +According to the [Threat Modeling Manifesto](https://www.threatmodelingmanifesto.org/), the threat modeling process should answer the following four questions: 1. What are we working on? 2. What can go wrong? 
@@ -23,7 +23,7 @@ These four questions will act as the foundation for the four major phases descri Before turning to an overview of the process, it may be worth addressing the question: why threat model? Why bother adding more work to the development process? What are the benefits? The following section will briefly outline some answers to these questions. -### Identify Risks Early-On +### Identify Risks Early On Threat modeling seeks to identify potential security issues during the design phase. This allows security to be "built-into" a system rather than "bolted-on". This is far more efficient than having to identify and resolve security flaws after a system is in production.
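Review bot: in the first hunk (@@ -10,7 +10,7 @@), the unchanged context line directly above the corrected link still reads "it should be treated as standard and necessary step", which is missing the article "a". Since this commit is a round of minor wording fixes, consider including "treated as a standard and necessary step" in the same change. The subject line also spells the sheet's name as "Modelng", which is worth correcting before merge so the history is searchable by the sheet's real title.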
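Review bot: in the second hunk (@@ -23,7 +23,7 @@), the heading drops the hyphen from "Early-On", but the trailing context line under it keeps the same pattern in "built-into" and "bolted-on". Used as verb phrases these read better unhyphenated, so for consistency with the heading fix consider changing that sentence to: This allows security to be "built into" a system rather than "bolted on". If any other page links to this section by its old heading text, check that those references still resolve after the rename.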