Cloud Threat Modeling - From Architecture Design to Application Development

Offered By: RSA Conference via YouTube

Course Description

Overview

Explore cloud threat modeling techniques in this 40-minute RSA Conference talk by Randall Brooks and Jon-Michael Brook. Learn how to combat misconceptions about protecting everything from everyone by focusing on determining what to protect, who to protect it from, and how to protect it. Discover the importance of identifying attack surfaces to eliminate common architectural flaws. Delve into various aspects of threat modeling, including system/software-centric and attack-centric approaches, the five major steps, and the STRIDE threat categories. Examine real-world examples, such as the Home Alone attack tree and the Trojan threat model. Gain insights into cloud-specific threat modeling using the Cloud Security Alliance's Top Threats Working Group and Cloud Controls Matrix. Analyze a case study scenario involving Dow Jones 2019, and learn about asset provenance, pedigree, and threat modeling consistency. By the end of this talk, acquire practical knowledge on applying cloud threat modeling techniques to enhance security in architecture design and application development.

Syllabus

Intro
Why Threat Modeling?
Threat Modeling (System/Software Centric)
Attack Modeling (Attack Centric)
What To Consider When Threat Modeling
There are Five Major Threat Modeling Steps
Threat Modeling (with Common Attacks)
Threat Modeling (Attack Tree Example)
Home Alone Attack Tree (Example) - Continued
Simple Threat Model (Trojan Threat Model Example)
STRIDE Threat Categories
Cloud Security Alliance's Top Threats Working Group
Cloud Controls Matrix (CCM) 4.0 CCM
CSA Top Threats Cloud Threat Modeling
Cloud Threat Modeling Cards
TT:DD Case Study Scenario - Dow Jones 2019
Cloud Threat Modeling Asset Provenance & Pedigree
Same Elasticsearch "Product"; Different Vulnerabilities
Threat Modeling Consistency
Naming Threats
How To Apply What We Have Covered


Taught by

RSA Conference
