Topics covered in this book
The following topics were covered in detail:
- Threat modeling: Threat modeling is a proactive approach to identifying, understanding, and mitigating potential security threats. In the case of the government agency (GovAgency), threat modeling was used to determine the most likely and dangerous threats to their infrastructure. This helped them prioritize their security efforts and invest in the most effective countermeasures.
- Software composition analysis (SCA): SCA is used to identify potential vulnerabilities in open source components of software. The IT company (TechSoft) heavily relied on SCA to ensure the open source components they used did not compromise their software’s security. It helped them keep track of all third-party components, their associated licenses, and known vulnerabilities.
- SAST and DAST: SAST involves examining the source code for potential vulnerabilities, while DAST involves testing a running application for...