What analytical reasoning methods can you use to identify software engineering security vulnerabilities?

Threat modeling makes more sense at the design stage of the SDLC - not all the stages . If it is missed at that stage , a vulnerability left untreated at the design stage would be so expensive to treat later on in the SDLC. Most of the time , they live with it once it is missed and the application would be constantly exposed to cyber threats. Sometimes , it is carried over to the coding stage where programmers are now forced to write codes to control the vulnerabilities. At that time , it is not going to be very effective .

Code Review is great when coding is about to be rounded off . It should not be treated as a compensation to threat modeling . It is effective when it is carried out by an independent person who has sound knowledge in application security and the programming language in use. The farther away the reviewer is from the dev team , the better . Peer review is ineffective because of the bias that might be introduced into the review. Manual reviews will reveal about 70% of the vulnerabilities while static core analysis (SCA) which involves the use of tools will reveal 30% of the vulnerabilities. SCA should however come first before the manual review but be aware of the false positives and false negatives but SCA at least gives pointers

Linters like betty linter for C programming, ESlint for JavaScript and compilers such as GNU compiler perform static analysis on codes. I remember using these linters and compiler, a code won't execute without passing those checks. It gives you warnings or errors depending on how serious the analysis performed on your source code is. You should always use linters, compilers or scanners on your codes to help make debugging easier so you do not miss out on vulnerability which the bad actors can exploit.

Other tools to also consider for penetration testing are John the Ripper which is a password-cracking tool that can perform dictionary attacks against various types of encrypted passwords. Hydra is also a password-cracking tool used for online attacks to guess passwords through brute-force or dictionary attacks. Wireshark or TCPDump which is a network protocol analyzer that captures and displays data from a network in real-time. Also using a Linux distribution called Kali which is specifically designed for penetration testing. It comes pre-installed with a wide range of security tools. These tools are used to test the security posture of systems, networks, and applications for potential vulnerabilities.

Using threat modelling method like PASTA, can help display vulnerability and ensure the minimizing of attack surfaces.. In cybersecurity, "PASTA" refers to a threat modeling methodology. It stands for Process for Attack Simulation and Threat Analysis. This methodology helps in identifying potential threats, evaluating their potential impacts, and devising strategies to mitigate these threats within a system or application.