Exploit and Attack

Threat Modeling

Threat modeling is a form of risk assessment that models aspects of the attack and defense sides of a particular logical entity, such as a piece of data, an application, a host, a system, or an environment.

A common form of threat modeling is software threat modeling, which is threat modeling performed during software design to reduce software vulnerabilities. There are many established methodologies for performing software threat modeling.

Another common form of threat modeling is known as system threat modeling, which is threat modeling performed for operational systems to improve their overall security. Compared to software threat modeling, system threat modeling tends to be largely informal and ad hoc.

Source: NIST SP 800-154 (draft)

Exploit and Attack

“To exploit” implies a successful security violation, while “to attack” implies an attempted security violation but not its success or failure. An attack (action) that succeeds can also be called an exploit.

Source: NIST SP 800-154 (draft)

NIST Generic Risk Model
Wentz’s Risk Model
Attack Vector
