Summary
Identifying security threats is critical but, given the complexity of modern high-availability, cloud-based platforms such as Moodle, it isn’t always obvious where the security vulnerabilities will be found. In this chapter, after covering the terminology, we saw how data flow diagrams (DFDs) can be used to identify where data might be vulnerable to attack.
We saw that DFDs can become very complex very quickly, and that a software tool to help us build the model and track changes becomes useful. To address this challenge, we have the Microsoft Threat Modeling Tool, which we also started using in this chapter.
The STRIDE security threat categories were also introduced in this chapter. We used them to consider which aspects of the Mathaholics platform are at risk of attack, and you will be able to apply them to your own Moodle project.
Finally, we considered ways to ensure that we are validating our own work. The key thing to stress is that ensuring the security...