# What you'll learn

After watching this video, you will be able to: 
* Define vulnerability scanning; 
* Describe threat modeling for software development.

# What is vulnerability scanning? 

Vulnerability scanning is the automated search for security vulnerabilities, both from within the code (static analysis of the source) and from the outside of a running application (dynamic testing of the interfaces it exposes).

Vulnerability scanners analyze source code written in a variety of languages, such as C or C++, Java, Python, and PHP.

Some common code vulnerabilities to scan for include:
* Structured query language (or SQL) injection, where untrusted input becomes part of a database query;
* Cross-site scripting (or XSS), where untrusted input is rendered as script in a user's browser;
* Path traversal, where untrusted input in a file or directory path lets a web application read or write outside the directory it intended.
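To make the "from within the code" side concrete, here is a small static scanner in the spirit of the SAST tools discussed below. It is an added example, not code from the video or from any of the named products: it walks the Python abstract syntax tree and flags two of the patterns listed above, a SQL statement assembled from runtime strings that reaches `execute()`, and a file path assembled from runtime strings that reaches `open()`. The sample source it scans (`SAMPLE`) is constructed for the example and contains a vulnerable and a hardened version of each function.

```python
"""Toy SAST scanner: flag SQL injection and path traversal sinks in Python source.

Added example; not part of the original lesson or of any real scanner.
"""
from __future__ import annotations

import ast
from dataclasses import dataclass

# Sinks this toy scanner knows about. Real SAST tools ship thousands of rules.
SQL_EXEC_METHODS = {"execute", "executemany", "executescript"}
FILE_SINKS = {"open"}


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    detail: str


def _is_dynamic_string(node: ast.AST) -> bool:
    """True when the string reaching a sink is assembled at runtime:
    an f-string, '+' concatenation, '%' formatting or str.format().
    A plain string constant cannot carry attacker input and is treated as safe."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return True
    return False


class _SinkVisitor(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: list[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        func = node.func
        # cursor.execute("..." + user_input)  -> SQL injection candidate
        if (isinstance(func, ast.Attribute) and func.attr in SQL_EXEC_METHODS
                and node.args and _is_dynamic_string(node.args[0])):
            self.findings.append(Finding(
                node.lineno, "SQLI",
                "SQL statement assembled from runtime strings; use a parameterised query"))
        # open("/base/" + user_input)  -> path traversal candidate
        if (isinstance(func, ast.Name) and func.id in FILE_SINKS
                and node.args and _is_dynamic_string(node.args[0])):
            self.findings.append(Finding(
                node.lineno, "PATH_TRAVERSAL",
                "file path assembled from runtime strings; canonicalise it and "
                "check it stays under the intended base directory"))
        self.generic_visit(node)


def scan_source(source: str) -> list[Finding]:
    """Parse Python source and return findings in source order."""
    visitor = _SinkVisitor()
    visitor.visit(ast.parse(source))
    return visitor.findings


# Constructed sample to scan: each vulnerable function is followed by a hardened one.
SAMPLE = '''
import os

def lookup_user(conn, name):
    cur = conn.cursor()
    cur.execute("SELECT id FROM users WHERE name = '" + name + "'")  # vulnerable: input concatenated into SQL
    return cur.fetchone()

def lookup_user_safe(conn, name):
    cur = conn.cursor()
    cur.execute("SELECT id FROM users WHERE name = ?", (name,))  # safe: parameterised query
    return cur.fetchone()

def read_report(filename):
    return open("/var/reports/" + filename).read()  # vulnerable: "../" escapes the directory

def read_report_safe(filename):
    base = os.path.realpath("/var/reports")
    path = os.path.realpath(os.path.join(base, filename))
    if not path.startswith(base + os.sep):
        raise ValueError("path escapes the report directory")
    return open(path).read()  # safe: canonicalised and checked against the base
'''

if __name__ == "__main__":
    for finding in scan_source(SAMPLE):
        print(f"line {finding.line}: {finding.rule}: {finding.detail}")
```

Run against `SAMPLE`, the scanner reports line 6 (`SQLI`) and line 15 (`PATH_TRAVERSAL`) and stays quiet on the two hardened functions. The caveat a practitioner should keep in mind: this checker only looks at the expression passed directly to the sink, so `q = "..." + name; cur.execute(q)` would slip past it. Tracking untrusted data through variables, function calls and modules (taint or data-flow analysis) is exactly what separates a real SAST tool from a pattern match.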

# What are some guidelines for performing vulnerability scanning? 

* To support a secure design, base vulnerability scans on the specific platform configuration, the patch levels, and the application composition (the libraries and components the application is built from).
* For a web application, an authenticated scan may require valid user credentials so that the scanner can follow the application flow the way a logged-in user does; an unauthenticated scan sees little beyond the login page.
* Vulnerability scans should span the entire application flow: the whole application, its stack, and all supporting platforms.

# Vulnerability scanning tools

Let’s look at some tools that are available for vulnerability scanning.

Four of the most popular tools are:
* Coverity, 
* CodeSonar, 
* Snyk Code, and 
* Static Reviewer.

They are examples of static application security testing (or SAST) tools.
* **Coverity** is an incremental analysis scanner for programming languages such as C, C++, Java, and Python.
* **CodeSonar** uses abstraction to model the code and find weaknesses in execution paths and program variables.
* **Snyk Code** integrates into the development environment and performs semantic analysis to discover coding and security bugs throughout the development phase.
* **Static Reviewer** detects well-known vulnerability classes.
* A component of the **Security Reviewer suite**, it reports its findings against references including:
    * Open Web Application Security Project (or OWASP),
    * Common Vulnerabilities and Exposures (or CVE) identifiers, and
    * The National Institute of Standards and Technology (or NIST) standards.

# What is threat modeling? 

* Threat modeling is identifying, categorizing, and enumerating security threats.
* Threat modeling provides a process to analyze ongoing threats and reduce the potential for software coding weaknesses and vulnerabilities.
* Threat models use data-flow diagrams to represent how data moves through a software application and where it crosses trust boundaries.

# When to plan for threat modeling

![image.png](attachment:badf6d75-50f7-4fd4-bc0a-e23f4e30725e.png)

**Where does threat modeling belong in the software development lifecycle (or SDLC)?**
* The best time is during the design phase.
* By developing threat models early, you can lessen the potential for software vulnerabilities and remove design weaknesses before they are implemented in code.

# Threat model and methodologies

Three popular threat-modeling methodologies that you can use are:
* Process for Attack Simulation and Threat Analysis (or **PASTA**),
* Visual, Agile, and Simple Threat (or **VAST**), and
* finally, **STRIDE**.

![image.png](attachment:830e58a1-efec-4b47-887a-b9309e5990b2.png)

* **PASTA** is a risk-centric methodology that ties technical threats to business objectives and technical requirements.
* **VAST** is an agile methodology with two kinds of models: application threat models and operational threat models.
* **VAST** uses process-flow diagrams to represent the architectural perspective.
* **STRIDE** gets its name from Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service, and Elevation of privilege.
* **STRIDE**, which came from Microsoft, evaluates applications and systems to find threats and vulnerabilities.
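Here is how STRIDE is applied in practice to the data-flow diagram that a threat model starts from. This is an added example, not code from the video or from Microsoft: it encodes the published STRIDE-per-element mapping (external entities are exposed to Spoofing and Repudiation; processes to all six; data stores to Tampering, Repudiation, Information disclosure and Denial of service; data flows to Tampering, Information disclosure and Denial of service) and walks a constructed three-element diagram, browser, web application and user database. Flows that cross a trust boundary are marked high priority, since that is where an attacker-controlled peer sits. The element, flow and zone names are assumptions made for the example.

```python
"""STRIDE-per-element enumeration over a small data-flow diagram.

Added example; not part of the original lesson.
"""
from dataclasses import dataclass

# STRIDE-per-element: which threat categories usually apply to each kind of
# DFD element (mapping as published by Microsoft's SDL and Shostack's
# "Threat Modeling"). Repudiation on a data store matters when it holds logs
# or audit records.
STRIDE_PER_ELEMENT = {
    "external": "SR",
    "process": "STRIDE",
    "store": "TRID",
    "flow": "TID",
}

# Category name and the security property that mitigates it.
STRIDE_CATEGORIES = {
    "S": ("Spoofing", "authentication"),
    "T": ("Tampering", "integrity"),
    "R": ("Repudiation", "non-repudiation"),
    "I": ("Information disclosure", "confidentiality"),
    "D": ("Denial of service", "availability"),
    "E": ("Elevation of privilege", "authorization"),
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # "external", "process" or "store"
    zone: str   # trust zone; a flow between different zones crosses a trust boundary


@dataclass(frozen=True)
class Flow:
    name: str
    src: Element
    dst: Element

    def crosses_boundary(self) -> bool:
        return self.src.zone != self.dst.zone


@dataclass(frozen=True)
class Threat:
    target: str
    category: str
    mitigating_property: str
    priority: str   # "high" for flows that cross a trust boundary, else "normal"


def enumerate_threats(elements, flows):
    """Apply STRIDE-per-element to every node and edge of the data-flow diagram."""
    threats = []
    for element in elements:
        for letter in STRIDE_PER_ELEMENT[element.kind]:
            name, prop = STRIDE_CATEGORIES[letter]
            threats.append(Threat(element.name, name, prop, "normal"))
    for flow in flows:
        priority = "high" if flow.crosses_boundary() else "normal"
        for letter in STRIDE_PER_ELEMENT["flow"]:
            name, prop = STRIDE_CATEGORIES[letter]
            threats.append(Threat(flow.name, name, prop, priority))
    return threats


def high_priority(threats):
    """Threats on flows that cross a trust boundary: review these first."""
    return [t for t in threats if t.priority == "high"]


# Constructed example model (assumed names, not from the video): a browser on
# the internet talks to a web application that queries a user database; the
# web app and the database share a backend trust zone.
BROWSER = Element("Browser", "external", "internet")
WEB_APP = Element("Web app", "process", "backend")
USER_DB = Element("User DB", "store", "backend")
ELEMENTS = [BROWSER, WEB_APP, USER_DB]
FLOWS = [
    Flow("HTTP request", BROWSER, WEB_APP),
    Flow("HTTP response", WEB_APP, BROWSER),
    Flow("SQL query", WEB_APP, USER_DB),
    Flow("SQL result", USER_DB, WEB_APP),
]

if __name__ == "__main__":
    for t in enumerate_threats(ELEMENTS, FLOWS):
        flag = "!" if t.priority == "high" else " "
        print(f"{flag} {t.target:14} {t.category:24} mitigate with {t.mitigating_property}")
```

For this diagram the enumeration yields 24 candidate threats, of which the six on the two HTTP flows are high priority because they cross the internet/backend boundary. The output is a checklist, not a verdict: each entry still has to be judged against the design (for example, "Spoofing on Browser" is answered by the authentication scheme), and that judgement is the part of threat modeling that a tool cannot automate.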

# Summary

In this video, you learned that: 
* Vulnerability scanning is the automated search for security vulnerabilities, both from within the code and from the outside of a running application.
* Threat modeling is identifying, categorizing, and enumerating security threats.
* Vulnerability scans should span the entire application flow.
* Threat modeling early in the SDLC reduces weaknesses in your application before they reach code.