Performing Threat Modeling with the Microsoft Threat Modeling Methodology

Tired of finding security bugs after the code is written? Finding bugs late is dangerous and expensive. In this course, you'll learn techniques for threat modeling, before it's too late.
Course info
Rating
(10)
Level
Intermediate
Updated
Oct 2, 2018
Duration
1h 47m
Table of contents
Description
Course info
Rating
(10)
Level
Intermediate
Updated
Oct 2, 2018
Duration
1h 47m
Description

Finding security bugs after the software has been built can lead to two things: exploitation of the bug in the wild, or spending a fortune to fix it. In this course, Performing Threat Modeling with the Microsoft Threat Modeling Methodology, you will gain the ability to analyze your software and find threats to it before any line of code is written. First, you will learn how to diagram an application to clearly show how all of its parts work together. Next, you will discover how to use diagrams to find threats using techniques such as STRIDE. Finally, you will explore how to document and mitigate threats to your software. When you’re finished with this course, you will have the skills and knowledge of threat modeling needed to anticipate threats and deal with them before they cause damage.

About the author
About the author

Justin Boyer writes copy and content for tech companies. He started his IT career as a software developer, then moved into application security, becoming Security+ and CSSLP certified. You can check him out at https://greenmachinesec.com.

More from the author
Practical Cryptography in Node.js
Intermediate
1h 23m
Feb 5, 2019
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone. My name is Justin Boyer, and welcome to my course, Performing Threat Modeling with the Microsoft Threat Modeling Methodology. Threat modeling is essential to building secure software. You can't defend your software from attackers if you don't know who they are or how they'll attack it. This course is your ticket to safe software. I'll guide you through a true-to-life scenario of what happens when you don't threat model. Then we'll learn how to do it right. Some of the major topics that we'll cover include the consequences of ignoring threat modeling, what Microsoft's threat modeling methodology is, what are the various pieces that make it up, how to perform threat modeling using Microsoft's methodology, and how to introduce threat modeling into your organization whether you're using agile or waterfall practices. By the end of this course, you'll be comfortable using several techniques to find threats against your software. You'll be prepared to anticipate attacks and defend against them. Before beginning the course, you should be familiar with the basics of software development, and basic application security concepts. I hope you'll join me on this journey to learn threat modeling with the Performing Threat Modeling with the Microsoft Threat Modeling Methodology course at Pluralsight.