Finding security bugs after the software has been built can lead to two things: exploitation of the bug in the wild, or spending a fortune to fix it. In this course, Performing Threat Modeling with the Microsoft Threat Modeling Methodology, you will gain the ability to analyze your software and find threats to it before any line of code is written. First, you will learn how to diagram an application to clearly show how all of its parts work together. Next, you will discover how to use diagrams to find threats using techniques such as STRIDE. Finally, you will explore how to document and mitigate threats to your software. When you’re finished with this course, you will have the skills and knowledge of threat modeling needed to anticipate threats and deal with them before they cause damage.
Course Overview Hi everyone. My name is Justin Boyer, and welcome to my course, Performing Threat Modeling with the Microsoft Threat Modeling Methodology. Threat modeling is essential to building secure software. You can't defend your software from attackers if you don't know who they are or how they'll attack it. This course is your ticket to safe software. I'll guide you through a true-to-life scenario of what happens when you don't threat model. Then we'll learn how to do it right. Some of the major topics that we'll cover include the consequences of ignoring threat modeling, what Microsoft's threat modeling methodology is, what are the various pieces that make it up, how to perform threat modeling using Microsoft's methodology, and how to introduce threat modeling into your organization whether you're using agile or waterfall practices. By the end of this course, you'll be comfortable using several techniques to find threats against your software. You'll be prepared to anticipate attacks and defend against them. Before beginning the course, you should be familiar with the basics of software development, and basic application security concepts. I hope you'll join me on this journey to learn threat modeling with the Performing Threat Modeling with the Microsoft Threat Modeling Methodology course at Pluralsight.