Done
- General overview of threat modeling.
- Dive into the threat modeling process.
- General overview of fuzzing.
Not done
- Dynamic analysis
Question
About threat modeling
- What are the qualitative methods and software simulation methods for validating the model in threat modeling?
- “Eliminating threats is almost always achieved by eliminating features”?
- What specific things do I need to do to answer the fourth question?
About fuzzing (or related to fuzzing)
- Symbolic execution?
- Code instrumentation?
Note
If doing dynamic analysis: it does not have to be Android. Static analysis (using Semgrep): depends on the domain.
Todo
Learn more about:
- Smart contract:
  - An overview on smart contracts: Challenges, advances and platforms
  - An Overview of Smart Contract: Architecture, Applications, and Future Trends
- Static analysis:
  - Static analysis for security
  - Using static analysis to find bugs
Read papers:
- Analysis of Blockchain Smart Contracts: Techniques and Insights.
- Slither: A Static Analysis Framework For Smart Contracts.
- Extracting and Analyzing the Implemented Security Architecture of Business Applications.
Carry out:
- Try to see whether static analysis can be applied to smart contracts to extract the artifacts (the 5 main elements of a DFD).