This category is for tagging articles related to common application security threats.
What is a threat agent?
We use the term 'threat agent' to describe the actor involved with an attack. Note that Microsoft literature uses the word 'threat' to refer to the likelihood of something bad happening - generally referred to as a 'risk' in the security literature.
Threat agents fall into several broad categories:
- Natural (flood, fire, lightning, meteor)
- Human Unintentional (accidents, carelessness)
- Human Intentional (insider, outsider)
Threat modeling is an activity to identify threats and estimate their likelihood. A threat can be discussed without reference to a specific vulnerability, its countermeasures, or its impact, because the threat exists even if the target is well protected against it. For example, the threat that an attacker could launch a denial-of-service attack against your application remains even if you have sufficient defenses in place.
How to add a new Threat Agent article
You can follow the instructions to make a new Threat Agent article. Please use the appropriate structure and follow the Tutorial. Be sure to paste the following at the end of your article to make it show up in the Threat Agent category:
Your article should be specific about the threat agent and potential attacks involved. You should provide details about how to determine whether the threat applies to an application and how to estimate its likelihood.