2 Moodle Threat Modeling

In Chapter 1, we learned that security threats are in no way new and that security needs to be factored into any Moodle project right from the start. So, knowing that designing for security is vital to any Moodle deployment, how do we actually identify those threats? In this chapter, we introduce the concept of threat modeling, a set of tools and techniques we can use to identify threats, which was originally outlined by Adam Shostack in his book, Threat Modeling: Designing for Security. As we introduce this chapter, we remember the words of US economist Thomas Schelling:

“A person cannot… draw up a list of things that would never occur to him.”

Often, in conversations where security incidents are discussed, I hear sentences ...

Get Moodle 4 Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Moodle 4 Security by Ian Wild

2

Moodle Threat Modeling

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly