Most times I miss bugs or don’t find anything, it is because I do not know what to look for in a particular category of protocol, except maybe logical errors. But then again, the security landscape has sort of passed beyond logical errors, and the bugs found and accepted in protocols are a bit more nuanced or in context.
I watched Zigtur’s lecture at Cantina and he mentioned threat modeling. I had heard the term numerous times before, but not in practice or within so much context. I also realized that most times I did really well in audits, I was subconsciously doing some sort of threat modeling.
Excerpt from the Threat Modeling Manifesto:
https://www.threatmodelingmanifesto.org/#principles
“What is threat modeling?
Threat modeling is analyzing representations of a system to highlight concerns about security and privacy characteristics.
At the highest levels, when we threat model, we ask four key questions:
Why threat model?
When you perform threat modeling, “you begin to recognize what can go wrong in a system”. It also allows you to pinpoint design and implementation issues that require mitigation, whether it is early in or throughout the lifetime of the system. The output of the threat model, which are known as threats, informs decisions that you might make in subsequent design, development, testing, and post-deployment phases.”