YoVDO

Simplifying Threat Modeling

Offered By: LASCON via YouTube

Tags

LASCON Courses Cybersecurity Courses Risk Management Courses Software Architecture Courses Threat Modeling Courses Attack Surface Analysis Courses

Course Description

Overview

Explore a simplified approach to threat modeling in this 44-minute conference talk from LASCON 2012. Learn about the anatomy of an attack, threat traceability matrix, and elements of a threat model. Discover a streamlined framework for threat modeling, including steps to diagram software architecture, enumerate attack surfaces, and visualize users as potential threats. Gain insights on illuminating assets and trust boundaries, postulating attacks against assets, evaluating impact, and implementing mitigation strategies. Understand how to act on threat modeling results and simplify the overall process to enhance your cybersecurity practices.

Syllabus

Intro
Today's Threat Modeling Theme
What is a Threat?
Threat Example - Mobile Architecture
Anatomy of an Attack
Threat Traceability Matrix
Elements of a Threat Model
Simplified Threat Modeling Framework
Diagram Software Architecture
Enumerate Attack Surface(s)
Each User Class Becomes a Threat
Malicious Intent Creates New Threat
Visualize Normal Users as Threats
Re-consider Attack Surface(s)
Capture 'Who', 'Where', and 'What'
Illuminate Assets
Illuminate Trust Boundaries
Postulate Attacks Against Assets
Evaluate Impact
Mitigate
7+1 Threat Modeling Steps
Acting on Threat Modeling Results
Simplifying Threat Modeling


Taught by

LASCON

Related Courses

Burp Suite - Basic Concepts for Web Pentesting
YouTube Rawr - Rapid Assessment of Web Resources
YouTube Analyzing & Breaking QNX Exploit Mitigations and PRNGs for Embedded Systems
Black Hat via YouTube Fuzzing File System Implementations to Uncover Security Bugs
Hack In The Box Security Conference via YouTube Building an AppSec Program from the Ground Up - An Honest Retrospective
LASCON via YouTube