Attack Libraries (CAPEC and OWASP Top Ten attack libraries):
Attack trees are an essential method for threat assessment. It evaluates the security of a system from an attacker perspective. The root node represents the attacks’ goal, and the remaining leaves indicate sub-goals or attack methods.
In this homework, you are expected to provide an attack tree for the system you threat-modeled in the lab. The goal of the attacks is to steal information from the password-protected blog website.
Provide a report that includes your analysis. The report should consist of (but not limited to) the following items:
1. Initial attack interfaces and a short description of why they can be the starting point for attacks
2. Attack tree
b. The nodes of the tree (Please use AND, OR functions appropriately)
Map the sub-goals and attack methods with the attack libraries given in the second reading