All Questions
6 questions
1 vote, 1 answer, 124 views
Static React Native app security issues
I am creating a React Native mobile application using Expo. This app simply renders information - there is no data collection or entry, no user accounts, no database (other than JSON storage). There ...
2 votes, 1 answer, 2k views
What is the difference between ATT&CK and CAPEC?
My question is on Cyber Threat Intelligence (CTI). I want to know the difference between Attack Patterns (as in MITRE CAPEC) and Tactics, Techniques and Procedures (as in MITRE ATT&CK). They both ...
1 vote, 1 answer, 7k views
What is the difference between "local" and "Adjacent" threat agents?
I am using CVSS to do the vulnerability assessment for my project.
As per documentation, here is the definition of local and adjacent:
Adjacent (A) The vulnerable component is bound to the network ...
2 votes, 4 answers, 275 views
Threat modelling - including threats one cannot mitigate?
When threat modelling, should you include the threats a system cannot mitigate?
If so, where should you stop? It could be very time-consuming to list all the threats one cannot mitigate.
1 vote, 2 answers, 2k views
Threat Modelling Examples (Distributed Systems)
I have threat modelled applications in the past, but I'd like to threat model a distributed system. However, for other people I'm with, who have never done it at all, I'd like to check out some ...
1 vote, 2 answers, 268 views
Malware for testing [duplicate]
Are there websites and places where you can download all types of malware that you can run and test the security setup of your system?
I am currently playing around with UAC+EMET4+MSE and would like ...