Overview
This course teaches a technique for performing threat modeling in ongoing projects without a prohibitive initial time investment. Learning outcomes include understanding threat modeling, creating Data Flow Diagrams, applying the STRIDE framework, identifying relevant threats, and addressing security caveats. The course is delivered as a lecture-style presentation. It is intended for developers working on existing complex projects who want to enhance security at the architectural level.
Syllabus
Intro
Threat modelling - reminder
Data Flow Diagrams
STRIDE
Introducing our example
A very simple architecture
Now pretend to forget it
Last step
Relevant Threats
How to make them go away
Caveats
What if implementation deviates from design?
Looks familiar?
This does not work in security!
Eventually need the whole picture
Eventually is better than upfront
Conclusion
Points of contact
Taught by
OWASP Foundation