Securing Open Source Through Threat Modeling
Offered By: Linux Foundation via YouTube
Course Description
Overview
Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the art of identifying attack surfaces and securing open source code through threat modeling in this 37-minute conference talk by Aviv Sasson and Daniel Prizmant from Palo Alto Networks. Discover the importance and benefits of threat modeling for open source projects, and learn how attackers utilize this technique to find vulnerabilities. Dive into the technicalities of the threat modeling process, including setting clear objectives, understanding application functionality, and identifying potential vulnerabilities using frameworks like CWE and STRIDE. Gain insights from real-world examples of vulnerabilities found in major open source projects, and understand the challenges of supply chain attacks, outdated libraries, and legacy code. Learn about mitigation strategies and the limitations of security products while acquiring practical knowledge to enhance the security of open source software.
Syllabus
Introduction
Agenda
What is Threat Modeling
Why should we do Threat Modeling
Threat Modeling 101
Threat Modeling in the Beginning
Advanced Threat Modeling
Known vs unknown vulnerabilities
Setting clear objectives
Understanding how the application works
What can go wrong
CWE
OSS Top 10
Stride
Verification
Supply Chain Attacks
What is Supply Chain Attack
Outdated Libraries
You are not the target
OpenSSL
Informationally
Legacy code
Automatic tools
Mitigation
Problems with security products
Summary
Taught by
Linux Foundation
Tags
Related Courses
RISK MANAGEMENT IN AGRICULTURAL BUSINESS AND FINANCINGState Bank of India via edX ¿Cómo hacer uso responsable de la inteligencia artificial?
Inter-American Development Bank via edX AWS Well-Architected Foundations (Thai)
Amazon Web Services via AWS Skill Builder Capstone: Following the AWS Well Architected Framework
Amazon Web Services via Coursera Bushfires: Response, Relief, and Resilience
University of Newcastle via FutureLearn