Simplifying Threat Modeling
Offered By: LASCON via YouTube
Course Description
Overview
Explore a simplified approach to threat modeling in this 44-minute conference talk from LASCON 2012. Learn about the anatomy of an attack, threat traceability matrix, and elements of a threat model. Discover a streamlined framework for threat modeling, including steps to diagram software architecture, enumerate attack surfaces, and visualize users as potential threats. Gain insights on illuminating assets and trust boundaries, postulating attacks against assets, evaluating impact, and implementing mitigation strategies. Understand how to act on threat modeling results and simplify the overall process to enhance your cybersecurity practices.
Syllabus
Intro
Today's Threat Modeling Theme
What is a Threat?
Threat Example - Mobile Architecture
Anatomy of an Attack
Threat Traceability Matrix
Elements of a Threat Model
Simplified Threat Modeling Framework
Diagram Software Architecture
Enumerate Attack Surface(s)
Each User Class Becomes a Threat
Malicious Intent Creates New Threat
Visualize Normal Users as Threats
Re-consider Attack Surface(s)
Capture 'Who', 'Where', and 'What'
Illuminate Assets
Illuminate Trust Boundaries
Postulate Attacks Against Assets
Evaluate Impact
Mitigate
7+1 Threat Modeling Steps
Acting on Threat Modeling Results
Simplifying Threat Modeling
Taught by
LASCON
Related Courses
Android Mobile Lifecycle and Software Development ApproachesMeta via Coursera AWS Flash - SaaS Technical Fundamentals
Amazon Web Services via AWS Skill Builder AWS SaaS Factory Architecture Track: SaaS Migration Strategies (Korean)
Amazon Web Services via AWS Skill Builder AWS SaaS Factory Architecture Track: SaaS Migration Strategies (Japanese) (日本語吹き替え版)
Amazon Web Services via AWS Skill Builder The Caltech-JPL Summer School on Big Data Analytics
California Institute of Technology via Coursera