1. Research and select a cyberattack/cyber-incident in which one of the threat actors discussed was involved, provide link. Breakdown the motivation of this threat actor.
2. Select a phase of the SDLC and further breakdown its steps/criteria/goals/artifacts and so on.
3. Describe a generic threat model briefly. For example:
(a) Identify assets: website server, database, domain name
(b) Describe architecture: http/https requests and responses, business logic like SQL to communicate with database, web client to web server to data store communications
(c) Decompose application: database stores usernames/info/login process, lines of communication protocols, other technical aspects/functions possibly
(d) Identify threats: sql injection for login process, domain hijacking upon renewal, man-in-middle attack on unsecure communication, denial of service/distributed denial of service attacks on web servers
(e) Documents threats: (N/A for this discussion board, more of an actionable step to document the different threats)
(f) Rate threats: (rate on priority of the threats you listed, 1 being more severe) 1. denial of service attack/distributed denial of service attack, 2. sql injection 3. man-in-middle, 4. domain hijacking renewal