Simplifying Threat Modeling
Offered By: LASCON via YouTube
Course Description
Overview
Explore a simplified approach to threat modeling in this 44-minute conference talk from LASCON 2012. Learn about the anatomy of an attack, threat traceability matrix, and elements of a threat model. Discover a streamlined framework for threat modeling, including steps to diagram software architecture, enumerate attack surfaces, and visualize users as potential threats. Gain insights on illuminating assets and trust boundaries, postulating attacks against assets, evaluating impact, and implementing mitigation strategies. Understand how to act on threat modeling results and simplify the overall process to enhance your cybersecurity practices.
Syllabus
Intro
Today's Threat Modeling Theme
What is a Threat?
Threat Example - Mobile Architecture
Anatomy of an Attack
Threat Traceability Matrix
Elements of a Threat Model
Simplified Threat Modeling Framework
Diagram Software Architecture
Enumerate Attack Surface(s)
Each User Class Becomes a Threat
Malicious Intent Creates New Threat
Visualize Normal Users as Threats
Re-consider Attack Surface(s)
Capture 'Who', 'Where', and 'What'
Illuminate Assets
Illuminate Trust Boundaries
Postulate Attacks Against Assets
Evaluate Impact
Mitigate
7+1 Threat Modeling Steps
Acting on Threat Modeling Results
Simplifying Threat Modeling
Taught by
LASCON
Related Courses
Pattern-Oriented Software Architectures: Programming Mobile Services for Android Handheld SystemsVanderbilt University via Coursera The Caltech-JPL Summer School on Big Data Analytics
California Institute of Technology via Coursera Automated Visual Software Analytics
openHPI Software Architecture & Design
Georgia Institute of Technology via Udacity Software Architecture for the Internet of Things
EIT Digital via Coursera