What testing technique enables the designer to develop mitigation strategies for potential vulnerabilities?
Threat modeling is a systematic approach to identifying and addressing potential security threats and vulnerabilities during the design phase of a system or application. It involves identifying potential threats, vulnerabilities, and mitigation strategies before the system is built. This proactive method allows designers to understand the potential risks and plan appropriate countermeasures to mitigate those threats, making it an essential technique for developing secure systems.
Threat modeling is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified and enumerated, and countermeasures prioritized. - Source (Wiki)
B is correct
Threat modeling is a proactive method of uncovering threats not usually considered or found through code reviews and other types of audits - TechTarget
"What testing technique..." Threat modeling is a testing technique?
The correct answer is B. Threat modeling is a testing technique that enables the designer to develop mitigation strategies for potential vulnerabilities in software. It involves identifying potential threats and vulnerabilities in a software system and then developing and implementing strategies to mitigate those threats and vulnerabilities. This process can help to ensure that a software system is secure and can help to prevent security breaches and other types of cyber attacks. The other options listed are also testing techniques that can be used to identify potential vulnerabilities in software, but they do not directly enable the designer to develop mitigation strategies for those vulnerabilities.
Threat modeling also implements tests during the development phase.
It's A. Is source code review a testing technique? - Yes. Does it enable the designer to develop mitigation strategies for potential vulnerabilities? - Yes. Is threat modeling a testing technique? - No. A pentest allows you to remediate vulns that were found, not potential ones. Clearly the answer is A.
The keyword is the designer, indicating that it is in the design phase
As for me, the designer has nothing to do with threat modeling and pentesting.
Taking my words back. From the OSG about the SAMM Model: "Design - The process used by the organization to define software requirements and create software. This function includes practices for threat modeling, threat assessment, security requirements, and security architecture." So, B is probably correct.
potential vulnerabilities = Threat modeling