Threat modeling helps security professionals understand what can go wrong—and what to do about it. Learn to use the four-question and STRIDE frameworks for threat modeling.
Overview
Syllabus
Introduction
- Develop secure products
- Why would you threat model?
- A simple approach to threat modeling
- What are we working on?
- What can go wrong?
- What are we going to do about it?
- Did we do a good job?
- Spoofing a specific server
- Tampering with a file
- Interlude: Scope and timing
- Repudiating an order
- Information disclosure
- Denial of service
- Elevation of privilege
- Next steps
Taught by
Adam Shostack
