Improve Your Threat Modeling Skills

Threat modeling is a foundational framework for security professionals. In this learning path, learn how to use the STRIDE model to identify key threats—spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege—and deliver secure products and services.

• Learn why threat modeling is foundational to the SDL.
• Identify six common threats and discover how they work.
• Develop your threat modeling skills.

• Course 1: Learning Threat Modeling for Security Professionals
• Threat modeling helps security professionals understand what can go wrong—and what to do about it. Learn to use the four-question and STRIDE frameworks for threat modeling.
• Course 2: Threat Modeling: Spoofing In Depth
• Learn about one of the key threats to modern systems: spoofing, or authentication attacks. Explore ways that attackers spoof people, machines, file systems, and processes.
• Course 3: Threat Modeling: Tampering in Depth
• Learn how tampering threats work and how to mitigate them. Explore how attackers can tamper with a variety of systems and tools, from debuggers to cloud services.
• Course 4: Threat Modeling: Repudiation in Depth
• Explore repudiation threats and how to defend against them. Learn how to grapple with fraud, identity theft, and repudiation in specific technologies such as blockchain.
• Course 5: Threat Modeling: Information Disclosure in Depth
• Learn about the information disclosure pillar in the STRIDE threat modeling framework. Discover how to preserve the confidentiality of the data, secrets, and other information you store.
• Course 6: Threat Modeling: Denial of Service and Elevation of Privilege
• This final installment of the Threat Modeling series covering the STRIDE framework explains denial-of-service and elevation-of-privilege attacks.