YoVDO

Threat Modeling: Tampering in Depth

Offered By: LinkedIn Learning

Tags

Threat Intelligence Courses Software Development Courses Cybersecurity Courses Data Integrity Courses Cloud Services Courses Threat Modeling Courses

Course Description

Overview

Learn how tampering threats work and how to mitigate them. Explore how attackers can tamper with a variety of systems and tools, from debuggers to cloud services.

Syllabus

Introduction
  • Mitigate tampering threats
  • Four-question framework
  • Tampering as part of STRIDE
1. Tampering with a Process
  • Debuggers and input
  • Libraries
  • Mobile
2. Tampering with Storage
  • Tampering with local storage
  • Permissions
  • Effects of tampering
3. Tampering with Things
  • Whose screw? Physical tampering matters
  • Debug interfaces are exposed
4. Tampering with Time Itself
  • Time is increasingly important
5. Tampering with Cloud
  • Controls and authentication
  • Becoming Jane Admin
6. Tampering with Data Flows
  • Channels and messages
  • Replay and reflection
  • Headers: Injection and order
7. Integrity Defenses
  • Prevention and detection goals
  • Crypto
  • Something more privileged
Conclusion
  • Next steps

Taught by

Adam Shostack

Related Courses

Computer Security
Stanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network