Application Threat Modeling Implementation Tips and Tricks
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore essential knowledge and valuable tips for designing and implementing application threat modeling in this 51-minute OWASP Foundation talk by Mohamed Alfateh. Learn structured approaches to identify, quantify, and address security risks throughout the SDLC process. Discover best practices for creating data flow diagrams (DFDs) for advanced scenarios, including microservices architecture and client-side frameworks. Gain insights into analyzing DFDs to uncover logical threats, selecting appropriate methodologies, and leveraging threat modeling frameworks. Cover topics such as asset identification, application architecture, communication flows, threat libraries, and risk analysis. Enhance your ability to conduct continuous threat modeling and understand threat agents to improve overall application security.
Syllabus
Introduction
Selection of Methodology
Application Threat Modeling Frameworks
Application Threat Modeling Scope
Asset Identification
Application Architecture
Communication
Data Flow Diagram
Web Application Data
Client Side Code
Connection Flow
Logical Flow
Dataflow Diagram
Threat Identification
Threat Libraries
Continuous Threat Modeling
Stride
Tips
Thread Traceability
Understanding Threat Agents
Risk Analysis
Taught by
OWASP Foundation
Related Courses
Modelado de Amenazas - Threat ModelingUdemy Performing Threat Modeling with the Microsoft Threat Modeling Methodology
Pluralsight Computer Vision with GluonCV (Spanish)
Amazon Web Services via AWS Skill Builder Threat Modeling: Spoofing In Depth
LinkedIn Learning OWASP top 10 Web Application Security for Absolute Beginners
Udemy