YoVDO

Threat Modeling: Tampering in Depth

Offered By: LinkedIn Learning

Tags

Threat Intelligence Courses Software Development Courses Cybersecurity Courses Data Integrity Courses Cloud Services Courses Threat Modeling Courses

Course Description

Overview

Learn how tampering threats work and how to mitigate them. Explore how attackers can tamper with a variety of systems and tools, from debuggers to cloud services.

Syllabus

Introduction
  • Mitigate tampering threats
  • Four-question framework
  • Tampering as part of STRIDE
1. Tampering with a Process
  • Debuggers and input
  • Libraries
  • Mobile
2. Tampering with Storage
  • Tampering with local storage
  • Permissions
  • Effects of tampering
3. Tampering with Things
  • Whose screw? Physical tampering matters
  • Debug interfaces are exposed
4. Tampering with Time Itself
  • Time is increasingly important
5. Tampering with Cloud
  • Controls and authentication
  • Becoming Jane Admin
6. Tampering with Data Flows
  • Channels and messages
  • Replay and reflection
  • Headers: Injection and order
7. Integrity Defenses
  • Prevention and detection goals
  • Crypto
  • Something more privileged
Conclusion
  • Next steps

Taught by

Adam Shostack

Related Courses

Teaching goes massive: new skills required
University of Zurich via Coursera Introduction to Cloud Computing
IEEE via edX Déployez des applications dans le cloud avec IBM Bluemix
IBM via OpenClassrooms Mobile Devices in Everyday Life
Tallinn University via EMMA Planning and Preparing SharePoint Hybrid
Microsoft via edX