YoVDO

Threat Modeling: Tampering in Depth

Offered By: LinkedIn Learning

Tags

Threat Intelligence Courses Software Development Courses Cybersecurity Courses Data Integrity Courses Cloud Services Courses Threat Modeling Courses

Course Description

Overview

Learn how tampering threats work and how to mitigate them. Explore how attackers can tamper with a variety of systems and tools, from debuggers to cloud services.

Syllabus

Introduction
  • Mitigate tampering threats
  • Four-question framework
  • Tampering as part of STRIDE
1. Tampering with a Process
  • Debuggers and input
  • Libraries
  • Mobile
2. Tampering with Storage
  • Tampering with local storage
  • Permissions
  • Effects of tampering
3. Tampering with Things
  • Whose screw? Physical tampering matters
  • Debug interfaces are exposed
4. Tampering with Time Itself
  • Time is increasingly important
5. Tampering with Cloud
  • Controls and authentication
  • Becoming Jane Admin
6. Tampering with Data Flows
  • Channels and messages
  • Replay and reflection
  • Headers: Injection and order
7. Integrity Defenses
  • Prevention and detection goals
  • Crypto
  • Something more privileged
Conclusion
  • Next steps

Taught by

Adam Shostack

Related Courses

Software as a Service
University of California, Berkeley via Coursera Software Testing
University of Utah via Udacity The Hardware/Software Interface
University of Washington via Coursera Software Debugging
Saarland University via Udacity Introduction to Systematic Program Design - Part 1
The University of British Columbia via Coursera