Open this lesson in your favourite AI. It'll walk you through the why, explain the demo, and quiz you on the try-it list.
An attack tree decomposes 'the attacker wins' into the OR/AND combinations of sub-goals that would achieve it. Where STRIDE is a checklist, attack trees are an actual logic structure — each leaf is a specific technique with a cost, and the root is reachable if any sufficient path is. They're how you reason about which control gives you the most marginal security per dollar.
Root goal: 'attacker reads my customers' PII'. OR branches: (1) compromise the DB host, (2) abuse an over-permissive query API, (3) phish an internal employee with prod access. Each branch decomposes further; each leaf has a cost.
Use these three in order. Each builds on the one before.
In one paragraph, explain attack trees and why they encode prioritisation.
Walk me through building an attack tree for a SaaS company's customer data.
Critique attack trees as a method — what attacks do they miss, and what frameworks complement them?