YoVDO

Threat Modeling: Tampering in Depth

Offered By: LinkedIn Learning

Tags

Threat Intelligence Courses Software Development Courses Cybersecurity Courses Data Integrity Courses Cloud Services Courses Threat Modeling Courses

Course Description

Overview

Learn how tampering threats work and how to mitigate them. Explore how attackers can tamper with a variety of systems and tools, from debuggers to cloud services.

Syllabus

Introduction
  • Mitigate tampering threats
  • Four-question framework
  • Tampering as part of STRIDE
1. Tampering with a Process
  • Debuggers and input
  • Libraries
  • Mobile
2. Tampering with Storage
  • Tampering with local storage
  • Permissions
  • Effects of tampering
3. Tampering with Things
  • Whose screw? Physical tampering matters
  • Debug interfaces are exposed
4. Tampering with Time Itself
  • Time is increasingly important
5. Tampering with Cloud
  • Controls and authentication
  • Becoming Jane Admin
6. Tampering with Data Flows
  • Channels and messages
  • Replay and reflection
  • Headers: Injection and order
7. Integrity Defenses
  • Prevention and detection goals
  • Crypto
  • Something more privileged
Conclusion
  • Next steps

Taught by

Adam Shostack

Related Courses

Fundamentos del Internet de las cosas (IoT): Seguridad I
Galileo University via edX Mobile Payment Security
New York University (NYU) via edX Develop Securely
Salesforce via Trailhead Information Security - Introduction to Information Security
New York University (NYU) via edX Penetration Testing - Discovering Vulnerabilities
New York University (NYU) via edX