ISEC 620 Homework 3
Please review the chapters about attack trees and attack libraries:
Attack Libraries (CAPEC and OWASP Top Ten attack libraries):
Attack trees are an essential method for threat assessment. They evaluate the security of a system from an attacker's perspective. The root node represents the attack's goal, and the remaining nodes indicate sub-goals or attack methods.
In this homework, you are expected to provide an attack tree for the system you threat-modeled in the lab. The goal of the attacks is to steal information from the password-protected blog website.
Provide a report that includes your analysis. The report should include (but is not limited to) the following items:
1. Initial attack interfaces and a short description of why they can be the starting point for attacks
2. Attack tree
b. The nodes of the tree (Please use AND, OR functions appropriately)
Map the sub-goals and attack methods with the attack libraries given in the second reading
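As an added illustration (not part of the original handout) of how AND and OR nodes combine, the following sketch enumerates the minimal sets of leaves that reach the root and reports which remain open once chosen leaves are mitigated. The `Node` class, the function names and the placeholder labels ("sub-goal 1", "method 1a", ...) are assumptions made for this example; only the root goal comes from the assignment.

```python
from dataclasses import dataclass, field
from itertools import product

@dataclass
class Node:
    label: str
    gate: str = "LEAF"            # "AND", "OR" or "LEAF"
    children: list = field(default_factory=list)

def attack_paths(node):
    """Return every minimal set of leaves that, taken together, achieves this node."""
    if node.gate == "LEAF":
        return [frozenset([node.label])]
    child_paths = [attack_paths(c) for c in node.children]
    if node.gate == "OR":         # any one child suffices
        paths = [p for paths in child_paths for p in paths]
    elif node.gate == "AND":      # one path from every child is required
        paths = [frozenset().union(*combo) for combo in product(*child_paths)]
    else:
        raise ValueError(f"unknown gate {node.gate!r} on {node.label!r}")
    # Keep only minimal sets: drop any path that strictly contains another.
    unique = set(paths)
    return sorted((p for p in unique if not any(q < p for q in unique)),
                  key=lambda p: (len(p), sorted(p)))

def open_paths(root, mitigated):
    """Paths still available when every leaf in `mitigated` is blocked."""
    blocked = set(mitigated)
    return [p for p in attack_paths(root) if not (p & blocked)]

# Constructed placeholder tree; replace the labels with your own analysis.
TREE = Node("Steal information from the password-protected blog", "OR", [
    Node("sub-goal 1", "OR", [Node("method 1a"), Node("method 1b")]),
    Node("sub-goal 2", "AND", [
        Node("method 2a"),
        Node("sub-goal 2.1", "OR", [Node("method 2b"), Node("method 2c")]),
    ]),
])

if __name__ == "__main__":
    for path in attack_paths(TREE):
        print(sorted(path))
    # Blocking one leaf of an AND node closes every path through that node.
    print(open_paths(TREE, {"method 1a", "method 2a"}))
```

An OR node stays reachable until every one of its children is blocked, while an AND node is closed by blocking any single child, which is why the choice of gate changes how many mitigations a branch needs.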
Question 3 – Weekly Learning and Reflection
In two to three paragraphs of prose (i.e., sentences, not bullet lists) using APA style citations if needed, summarize and interact with the content that was covered this week in class. In your summary, you should highlight the major topics, theories, practices, and knowledge that were covered. Your summary should also interact with the material through personal observations, reflections, and applications to the field of study. In particular, highlight what surprised, enlightened, or otherwise engaged you. Make sure to include at least one thing that you’re still confused about or ask a question about the content or the field. In other words, you should think and write critically not just about what was presented but also what you have learned through the session. Questions asked here will be summarized and answered anonymously in the next class.