Purpose
Understand all the possible ways your company can be attacked (mostly for C-level)
Requirements
- Make a product catalog
AppSec products catalog
- Ask product owners what they are afraid of
- Ask product owners more about how their product works
As a security engineer, you need to identify all critical functions and imagine all the ways to hack them
Examples
Name of the first product
Description
Client personal area, where the client can register, log in, recover a password, and participate in contests
Risks:
- Losing money on SMS
- Client can change the contest rules
- Personal account takeover
- Reputation loss
- ...