
Threat Modeling
Threat Modeling aims to improve security through the practice of identifying threats, attacks and vulnerabilities for the purpose of defining countermeasures to prevent or mitigate...
- The fundamental concepts of threat modeling and its purpose
- How to apply threat, attack and risk classification systems
- How to create data flow diagrams
- How to an improved threat modeling process
- How to create a threat model with the Microsoft Threat Modeling Methodology
- How to create a threat model with the OCTAVE Methodology
- How to create a threat model with the PASTA Methodology
- Diagram threat models with the Microsoft Threat Modeling Tool
Pre-requisites
- Knowledge of application development
- Knowledge of enterprise systems architecture, including platforms, networks, applications, databases and operating systems
- Knowledge of fundamental information security concepts
Threat Modeling path
Threat modeling is an engineering technique, or structured process, that can be used to help to identify potential threats, attacks, vulnerabilities and countermeasures that could impact your applications. These courses have been designed to help you to understand how to use threat modeling to shape your application's design, meet your company's security objectives and reduce risk.
Threat Modeling Fundamentals
1h 29m
Description
Security is important. You want to build more secure applications. You don't want to bolt on security afterwards, but you want to make sure it's there from the get-go - for each project. Threat Modeling is a growing field of interest for software developers, architects and security professionals. With good reason, as this can be a very effective way to accomplish those goals. In this course, Threat Modeling Fundamentals, you'll dive deeper into the fundamentals of threat modeling including a short exercise to help you follow along. First, you'll discover what the pros and cons are of each methodology. Next, you'll explore how to draw data flow diagrams for threat modeling. Then, you'll learn how to perform the generic threat model process. Finally, you'll cover what common pitfalls are and how to work around those. By the end of this course, you'll be familiar with all popular threat modeling approaches and methodologies.
This course teaches you the fundamentals of threat modeling. After watching this course, you will know the fundamentals of threat modeling; the various approaches, methodologies, and their differences; and how to perform the generic threat modeling process.
Table of contents
- Course Overview
- Threat Modeling, the What, Why, Who, and When
- Choosing the Right Approach
- Choosing the Right Methodology
- Threat Modeling in Practice
- Improving Threat Modeling
Performing Threat Modeling with the Microsoft Threat Modeling Methodology
1h 46m
Description
Finding security bugs after the software has been built can lead to two things: exploitation of the bug in the wild, or spending a fortune to fix it. In this course, Performing Threat Modeling with the Microsoft Threat Modeling Methodology, you will gain the ability to analyze your software and find threats to it before any line of code is written. First, you will learn how to diagram an application to clearly show how all of its parts work together. Next, you will discover how to use diagrams to find threats using techniques such as STRIDE. Finally, you will explore how to document and mitigate threats to your software. When you’re finished with this course, you will have the skills and knowledge of threat modeling needed to anticipate threats and deal with them before they cause damage.
Table of contents
- Course Overview
- Introduction
- Bringing Threat Modeling to Your Organization
- Building the Foundation - Diagramming the Application
- Finding Threats Using STRIDE
- Finding Threats with Alternative Methods
- Documenting Threats
- Dealing with Threats
- Wrapping Up
Performing Threat Modeling with the OCTAVE Methodology
1h 15m
Description
Creating a protection plan to protect your organization's critical assets can be a daunting task. In this course, Performing Threat Modeling with the OCTAVE Methodology, you will utilize the OCTAVE methodology. First, you will learn how to create security requirements. Next, you will learn how to identify infrastructure vulnerabilities. Finally, you will use the information gathered in the methodology to create an overarching security plan that reduces risk, and can be used on a continual basis. When you are finished with the course, you will have the skills and knowledge of performing the OCTAVE Methodology to reduce risk, identify critical assets, and infrastructure vulnerabilities needed to create a security program that is customized to your organization.
Table of contents
- Course Overview
- Defining OCTAVE Method Structure
- Building Security Requirements
- Identifying Infrastructure Vulnerabilities
- Determining Security Risk Management Strategy
Performing Threat Modeling with the PASTA Methodology
1h 4m
Description
If you are familiar with threat modeling as an exercise, you would know that threat modeling involves identification of threats and vulnerabilities in the context of your applications. In this course, Performing Threat Modeling with the PASTA Methodology, you’ll learn to build application threat models using PASTA methodology. First, you’ll explore the fundamentals of threat modeling. Next, you’ll discover how to dissect applications into smaller components followed by threat, vulnerability, and weakness analysis. Finally, you’ll learn how to build attack models. When you’re finished with this course, you’ll have the skills and knowledge of PASTA methodology needed to conduct threat modeling.
Table of contents
- Course Overview
- Describing the PASTA Methodology
- Defining Business Objectives and Scope Definition
- Definition of Technical Scope
- Performing Application Decomposition
- Conducting Threat, Vulnerability, and Weakness Analysis
- Performing Attack Modeling and Computing Risk and Impact Analysis
- Case Studies on Utilizing PASTA
Threat Modeling with the Microsoft Threat Modeling Tool
2h 13m
Description
Threat modeling is an activity that can be performed by anyone that would like to create secure systems. Microsoft has released a free tool to assist with this task. In this course, Threat Modeling with the Microsoft Threat Modeling Tool, you'll learn how to use the Microsoft Threat Modeling Tool to perform application threat modeling. First, you'll discover that the software-centric threat modeling approach is greatly enhanced by taking advantage of the Microsoft Threat Modeling Tool. Next, through practical demonstration, you'll see that the tool will automatically generate a listing of threats for you. Finally, you'll also learn the ability to personalize aspects of the threat modeling application so that it becomes ideal for your needs. By the end of this course, you'll be comfortable with using Microsoft’s Threat Modeling Tool to find threats associated with your applications.
Table of contents
- Course Overview
- Setting up Your Microsoft Threat Modeling Tool 2016 Environment
- Building Your First Data Flow Diagram Model
- Identifying and Managing Threats
- Customizing Microsoft Threat Modeling Tool 2016 Functionality
Building and Leading an Effective Threat Modeling Program
1h 31m
Description
A successful threat modeling program will quantifiably improve the security of your organization's critical applications and business solutions.
In this course, Building and Leading an Effective Threat Modeling Program, you’ll gain the ability to plan, execute, and manage your own threat modeling program at scale within your organization.
- First, you’ll learn how to prepare a compelling business case to get your program underway.
- Next, you’ll discover how to create an effective program plan, structured around the dimensions of people, processes, and technology.
- Finally, you’ll explore how to effectively manage and monitor your program to ensure it delivers ongoing successful results.
Table of contents
- Course Overview
- Preparing the Business Case
- Founding Principles
- Planning for Improvement
- Measuring Success