Posts like this are awesome at raising awareness, but it seems difficult to find guidance on what to secure, whether to secure or not, and what to secure against. I'm not talking about SQL injection or XSS (both of which are hugely relevant for web apps), but rather a broader approach, like threat modelling.

The idea (for *any* system) is to start with understanding an adversary's perspective by:

- Listing application entry points (where does data enter into the application?)
- Cataloguing assets (what's being protected?)
- Identifying trust levels (who needs access to what?)

Then defining the security of the app/system by:

- Defining use scenarios
- Identifying implementation assumptions (parameter-based SQL?) and external dependencies (payment system?)
- Modelling the application/solution (data flow diagram that shows interactions with external entities, and machine and process boundaries)

The final stage is identifying threats, analysing them, and determining vulnerabilities. Threats typically fall into one of 6 categories:

- Spoofing
- Tampering
- Repudiation
- Information disclosure
- Denial of service
- Elevation of privilege

That stuff I've just written doesn't begin to do threat modelling justice, but it's enough to start some research.

And before anyone starts suggesting that it's not important/requires big design up front/we need to pivot/etc., consider that exactly those arguments are what landed the likes of LinkedIn, Sony, etc. in hot water.
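The steps in the comment above (entry points, assets, trust levels, a data flow diagram, then STRIDE) carried through in code, as an added example that is not part of the comment or of any project: the STRIDE-per-element mapping (which categories apply to which DFD element kind) and the toy login system with a payment provider are assumptions made for illustration.

```python
from dataclasses import dataclass
# STRIDE-per-element: the categories that usually apply to each DFD element kind.
STRIDE_PER_ELEMENT = {
    "external_entity": ("Spoofing", "Repudiation"),
    "process": ("Spoofing", "Tampering", "Repudiation", "Information disclosure",
                "Denial of service", "Elevation of privilege"),
    "data_store": ("Tampering", "Repudiation", "Information disclosure",
                   "Denial of service"),
    "data_flow": ("Tampering", "Information disclosure", "Denial of service"),
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # a key of STRIDE_PER_ELEMENT
    trust: str  # trust level the element runs at, e.g. "anonymous" or "app"

@dataclass(frozen=True)
class Flow:
    name: str
    src: Element
    dst: Element
    assets: tuple  # what the flow carries, e.g. ("password",)

def entry_points(flows):
    """Flows crossing a trust boundary are where outside data enters the system."""
    return [f for f in flows if f.src.trust != f.dst.trust]

def enumerate_threats(elements, flows):
    """Pair every element, and every boundary-crossing flow, with its STRIDE categories."""
    out = [(e.name, c) for e in elements for c in STRIDE_PER_ELEMENT[e.kind]]
    out += [(f.name, c) for f in entry_points(flows)
            for c in STRIDE_PER_ELEMENT["data_flow"]]
    return out

def exposed_assets(flows):
    """Assets that travel across a trust boundary (first candidates for disclosure/tampering)."""
    return sorted({a for f in entry_points(flows) for a in f.assets})
# Constructed toy model: a web login backed by a user database and a payment provider.
browser = Element("browser", "external_entity", "anonymous")
webapp = Element("web app", "process", "app")
userdb = Element("user db", "data_store", "app")
payment = Element("payment gateway", "external_entity", "third_party")
ELEMENTS = [browser, webapp, userdb, payment]
FLOWS = [
    Flow("login request", browser, webapp, ("username", "password")),
    Flow("user lookup", webapp, userdb, ("password hash",)),  # same trust level
    Flow("charge", webapp, payment, ("card token",)),
]
```

Each `(target, category)` pair from `enumerate_threats` is a question to answer in the analysis step (is it mitigated, and how?), and flows that do not cross a boundary, such as the internal user lookup, do not appear as entry points.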