Open
Description
As I was reading through the two scenarios described in the Tutorial, I had a strong feeling that one important threat model was not covered: Myself as a developer! The threat model goes like this:
- I build a website that contains a contact form where submitters can leave their contact information
- I store the submitted contact form data in my database
- At some point in the future, I do a `mysqldump` and forget about the resulting `*.sql` file in a public folder on the server - I also don't have a `.htaccess` directive to prevent direct access to `*.sql` files
This is the scenario I find the most likely for many simpler websites. Data theft. Maybe you find this a useful addition to the scenarios? It's not so much about implementation but more about realizing a threat even exists.