Description
Course info
Rating
(12)
Level
Intermediate
Updated
Sep 20, 2018
Duration
2h 13m
Description

Threat modeling is an activity that can be performed by anyone that would like to create secure systems. Microsoft has released a free tool to assist with this task. In this course, Threat Modeling with the Microsoft Threat Modeling Tool, you'll learn how to use the Microsoft Threat Modeling Tool to perform application threat modeling. First, you'll discover that the software-centric threat modeling approach is greatly enhanced by taking advantage of the Microsoft Threat Modeling Tool. Next, through practical demonstration, you'll see that the tool will automatically generate a listing of threats for you. Finally, you'll also learn the ability to personalize aspects of the threat modeling application so that it becomes ideal for your needs. By the end of this course, you'll be comfortable with using Microsoft’s Threat Modeling Tool to find threats associated with your applications.

About the author
About the author

Lee Allen is a penetration tester by trade. Lee has authored four books about penetration testing and has created several Pluralsight courses.

More from the author
Threat Modeling: The Big Picture
Beginner
1h 5m
Jun 27, 2017
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone, my name is Lee Allen, and welcome to my course, Threat Modeling with the Microsoft Threat Modeling Tool. I'm a security professional specializing in application security and I've been working in the security industry for more than 15 years. Did you know that you do not need to be a security professional in order to preform threat modeling? By leveraging tools such as the Microsoft Threat Modeling Tool you automatically find potential threats by creating diagrams that describe the data flows of your applications. In this course, we're going to get you comfortable with using the Microsoft Threat Modeling Tool with understanding the processes used to preform threat modeling for your applications and creating data flow diagrams using the Microsoft Threat Modeling Tool. You're also going to learn about adding your own templates, threats, stencils, and threat properties during this course. By the end of all of this, you're going to have everything you need to start threat modeling your own applications, leveraging the Microsoft Threat Modeling Tool. Now, that being said, before beginning this course, you should probably be familiar with the basic concepts of threat modeling. I hope that you'll join me on this journey to learn threat modeling with the Microsoft Threat Modeling Tool course, at Pluralsight.

Building Your First Data Flow Diagram Model
Building Your First Data Flow Diagram. Building a data flow diagram is an important aspect of threat modeling with the Microsoft Threat Modeling Tool. In this module we're going to dive into what it takes to build your own models, and what these should look like, and what they represent. You're going to be introduced to the Globomantics scenario that's used throughout this course to tell a story of how an organization can leverage the Microsoft Threat Modeling Tool in their environments. You will learn about preliminary activities that will help ensure the success of your threat modeling exercise, and will be walked through what a data flow diagram is and what the different elements represent. This is then followed up by a demonstration of how you can build your first data flow diagram.

Identifying and Managing Threats
Identifying and Managing Threats. In this section of the course you learn that the Microsoft Threat Modeling Tool can be leveraged to automatically identify threats using data flow diagrams. In this module we are going to cover the different types of threats that are out there and how we can leverage the STRIDE pneumonic created by Microsoft to help us find them even if you are not a security professional. STRIDE is a categorization of the different threat types that are out there, and stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial Of Service, and Escalation Of Privilege. You will learn how to use the Threat Modeling Tool to automatically identify these threats for you and then use this generated output to makes notes, prioritize, and otherwise manage the threats that have been found within the Microsoft Threat Modeling Tool. And we then look at generating reports and understanding their contents.

Customizing Microsoft Threat Modeling Tool 2016 Functionality
Customizing Microsoft Threat Modeling Tool Functionality. In this module you will learn how you can leverage the flexibility of the Microsoft Threat Modeling Tool in order to customize certain elements, such as threats, stencils, and templates to match the needs of your particular organization. In This final section of the course you will learn about the various customization options that are available to you when creating or modifying templates. This will be followed by demonstrations of creating new templates, modifying existing templates, modifying and adding new stencils, modifying and adding new threats, and also modifying and adding new threat properties.