YoVDO

Securing Open Source Through Threat Modeling

Offered By: Linux Foundation via YouTube

Tags

Threat Modeling Courses Cybersecurity Courses Software Security Courses Risk Mitigation Courses Vulnerability Assessment Courses Supply Chain Attacks Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the art of identifying attack surfaces and securing open source code through threat modeling in this 37-minute conference talk by Aviv Sasson and Daniel Prizmant from Palo Alto Networks. Discover the importance and benefits of threat modeling for open source projects, and learn how attackers utilize this technique to find vulnerabilities. Dive into the technicalities of the threat modeling process, including setting clear objectives, understanding application functionality, and identifying potential vulnerabilities using frameworks like CWE and STRIDE. Gain insights from real-world examples of vulnerabilities found in major open source projects, and understand the challenges of supply chain attacks, outdated libraries, and legacy code. Learn about mitigation strategies and the limitations of security products while acquiring practical knowledge to enhance the security of open source software.

Syllabus

Introduction
Agenda
What is Threat Modeling
Why should we do Threat Modeling
Threat Modeling 101
Threat Modeling in the Beginning
Advanced Threat Modeling
Known vs unknown vulnerabilities
Setting clear objectives
Understanding how the application works
What can go wrong
CWE
OSS Top 10
Stride
Verification
Supply Chain Attacks
What is Supply Chain Attack
Outdated Libraries
You are not the target
OpenSSL
Informationally
Legacy code
Automatic tools
Mitigation
Problems with security products
Summary


Taught by

Linux Foundation

Tags

Related Courses

RISK MANAGEMENT IN AGRICULTURAL BUSINESS AND FINANCING
State Bank of India via edX
¿Cómo hacer uso responsable de la inteligencia artificial?
Inter-American Development Bank via edX
AWS Well-Architected Foundations (Thai)
Amazon Web Services via AWS Skill Builder
Capstone: Following the AWS Well Architected Framework
Amazon Web Services via Coursera
Bushfires: Response, Relief, and Resilience
University of Newcastle via FutureLearn