2 changes: 1 addition & 1 deletion data/module-2/part-6/threat.md
Expand Up @@ -6,7 +6,7 @@ hidden: false


In the previous sections of the course we have shown how input checking is
important and introduced some tools for Fuzzing the input. As a reminder, dumb
important and introduced some tools for fuzzing the input. As a reminder, dumb
fuzzing was based mainly on random inputs on a black box and smart fuzzing
relied on test harnesses on the target application. What happens inside an
application when the input is given to it? If one follows the target
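Review bot: the capitalisation fix is fine, but "input checking" on the first line of this hunk is the non-standard term; "input validation" is what the rest of the course material and the fuzzing sections use for the same concept. Since the line is already being touched, consider "we have shown how input validation is important and introduced some tools for fuzzing the input."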
12 changes: 6 additions & 6 deletions data/module-4/part-1/threat.md
Expand Up @@ -31,7 +31,7 @@ Adam Shostack, who was involved in security design analysis techniques at Micros
The STRIDE Threat Model is a useful checklist of questions that can help in the threat-modelling of an application. "STRIDE" is an acronym for the following threat categories: _Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service,_ and _Elevation of Privilege_.


As in the start we hinted on the fact that the mnemonic threat lists such as STRIDE are good starting points and they work as good starting points in the discussions for the data flow analysis. If you consider that in the last part dissected the application to its data flows and identified what protocols are used and what data content is in the flow you should be ready for technical discussion about the series of questions the STRIDE stands for for all of the identified flows.
As in the start we hinted on the fact that the mnemonic threat lists such as STRIDE are good starting points and they work as good starting points in the discussions for the data flow analysis. If you consider that in the last part dissected the application to its data flows and identified what protocols are used and what data content is in the flow you should be ready for technical discussion about the series of questions the STRIDE stands for all of the identified flows.

Easiest way to get started is to start from higher levels and work your way down as needed. Sometimes the decisions on the higher level will make the lower layer protocol issues go away or change them completely. For example, sometimes the data is transported with different protocol stacks in different parts of the system and each of these stacks have to be treated separately. However, if you can provide end-to-end security services on the application level you change the needs on the lower levels.

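Review bot: dropping the duplicated "for" is correct, but the same sentence still has a missing subject: "If you consider that in the last part dissected the application to its data flows" needs "you" ("in the last part you dissected the application"). The opening clause "As in the start we hinted on the fact that" would also read better as "As hinted at the start,". Both are worth folding into this commit rather than leaving a half-fixed line.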
Expand All @@ -43,7 +43,7 @@ _Tampering_ covers cases such as unauthorized changes made to persistent data, w

_Repudiation_ has two sides to it. First the threats that concern the users who deny their actions. For example, a user performs an illegal operation in a system that lacks the ability to trace the prohibited operations. Sometimes this is desirable way, consider the privacy preserving possibility of plausible denial. Second, non-repudiation which refers to systems ability to counter the denying users. For example of non-repudiation a client can buy something and then claim not. For this reason users might need to sign a receipt upon receiving the item and the vendor can use the signed receipt as evidence of the transaction. The system needs to keep audit logs for this to work and it must be ensured that they are stored in a way that they cannot be tampered with.

_Information Disclosure_ covers the exposure of information to unauthorized individuals. This category of threat can also occur within a machine or during transport. The main questions to ponder are things such as who are the once authorised to see the data or how can we determine who has seen it. When considering storing the data there might be long-term confidentiality needs and that might pose issues for example to encryption choices today. Something that is hard to crack now might not be in the future.
_Information Disclosure_ covers the exposure of information to unauthorized individuals. This category of threat can also occur within a machine or during transport. The main questions to ponder are things such as who are authorised to see the data or how can we determine who has seen it. When considering storing the data there might be long-term confidentiality needs and that might pose issues for example to encryption choices today. Something that is hard to crack now might not be in the future.

_Denial of Service_ refers to all the cases in which the server or service is made unavailable for the authorised users. You must protect against certain types of DoS threats simply to improve system availability and reliability.

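Review bot: the "who are authorised" fix on the Information Disclosure line is right, but the Repudiation paragraph in the context just above has the same class of errors and is left untouched: "Sometimes this is desirable way" needs "a desirable way", "plausible denial" should be "plausible deniability", "systems ability" should be "system's ability", and "a client can buy something and then claim not" should read "then claim they did not". Suggest fixing these in the same pass since the commit is already a proofreading one.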
Expand All @@ -54,12 +54,12 @@ Lastly, _Elevation of Privilege_ is a threat type in which an unprivileged user

## Applying STRIDE

As an example one can consider a webstore that stores personal profiles of the users. The following are what kind of threats one can find but in no mean is not definitive list of possible threats.
As an example one can consider a webstore that stores personal profiles of the users. In the list below you find some threats one can find but it is by no means a definitive list of all possible threats.

- A malicious user uses man-in-the-middle to view and/or tamper with profile data on route from client and server or between components in the system.
- A malicious user uses man-in-the-middle to view and/or tamper with profile data en route from client and server or between components in the system.
- A malicious user accesses or tampers with the profile data directly in the database.
- A malicious user learns how to act "on behalf of" the user by mimicking certain Lightweight Directory Access Protocol (LDAP) behaviour.
- A malicious user tampering with the data on the site
- A malicious user tampering with the data on the site.
- A malicious user launches a DoS attack against some part of the system and renders the system inoperable. For example denying access to database serving the user profiles.
- A malicious user deletes or modifies the audit logs.
- A malicious user launches a DoS attack on the target and crashes it and takes the place of the target.
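Review bot: "on route" to "en route" is correct, but "en route from client and server" is still wrong; it should be "between client and server" (the second half of the bullet already uses "between components"). Separately, since the section is titled "Applying STRIDE", each bullet would be more useful with the category it exercises named: the last bullet ("crashes it and takes the place of the target") is a Spoofing threat that uses DoS only as its first step, and the "act on behalf of the user" bullet is Spoofing rather than a data-tampering case. Tagging them would show the reader how the checklist maps onto the list.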
Expand Down Expand Up @@ -92,7 +92,7 @@ The prioritizing of the threats can be critical for many reasons. In some case t

With the prioritization we can start the fixing job from the highest payoff tasks. There is basically just two questions: how likely it is that the sh\*t hits the fan, and how large of clean job you have in your hands after it. Sometimes these questions are skipped and it is just assumed that everything has to be fixed. There may be situations where you find a problem but it is not applicable into the current operating scenario or environment. But remember sometimes a threat does not look that dangerous on the first glance but could still hit the fan and land you with a massive cleaning task. Care has to be used and common sense also.

In essence you need to decide what is the cost to mitigate the problem and is it greater that the probability of it happening. This means that Risk is impact times the probability of it happening. Here the impact is easy to estimate, the probability not so easy and is usually a guess. How this is done in reality differs from case to case but it is in the end driven by the organisation and possibly some sort of risk management process in that organisation.
In essence you need to decide what is the cost to mitigate the problem and is it greater that the probability of it happening. This means that risk is impact times the probability of it happening. Here the impact is easy to estimate, the probability not so easy and is usually a guess. How this is done in reality differs from case to case but it is in the end driven by the organisation and possibly some sort of risk management process in that organisation.


<quiz id="7fc00160-347a-5920-b869-c9608da80c67"></quiz>
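Review bot: lowercasing "risk" is fine, but the sentence before it compares the wrong quantities: "is it greater that the probability of it happening" sets a cost against a bare probability. By the paragraph's own definition (risk is impact times probability), the mitigation cost should be compared with the expected loss, and "greater that" should be "greater than". Suggest: "decide what it costs to mitigate the problem and whether that cost is greater than the risk, i.e. the impact times the probability of it happening." In the previous paragraph "There is basically just two questions" should also be "There are basically just two questions".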