YoVDO

Threat Modeling: Information Disclosure in Depth

Offered By: LinkedIn Learning

Tags

Threat Intelligence Courses Cryptography Courses Cloud Security Courses Threat Modeling Courses Secrets Management Courses

Course Description

Overview

Learn about the information disclosure pillar in the STRIDE threat modeling framework. Discover how to preserve the confidentiality of the data, secrets, and other information you store.

Syllabus

Introduction
  • Allow me to disclose something
  • Four-question framework
  • Information disclosure as a part of STRIDE
1. Data at Rest
  • Authorized access
  • Physical layer
  • Metadata
2. Data in Motion
  • Encrypted and unencrypted
  • Metadata in motion
  • Non-internet data
3. Information Disclosure by Processes
  • Intentional disclosure
  • Metadata and security
4. Side Effects
  • Radios: Intentional and accidental
  • Timing
  • Interpretation
5. Disclosure in Certain Technologies
  • Cloud
  • IoT and mobile
  • AI and machine learning
6. Defenses
  • Metadata management
  • Secrets and secrets management
  • Cryptography
Conclusion
  • Next steps

Taught by

Adam Shostack

Related Courses

Microsoft Azure for Node.js Developers - Building Secure Services and Applications
Pluralsight Configuring and Managing Microsoft Azure Key Vault
Pluralsight Getting Started with HashiCorp Vault
Pluralsight Installing and Configuring HashiCorp Vault
Pluralsight Managing Access and Secrets in HashiCorp Vault
Pluralsight