Threat Modeling

Paths

Threat Modeling

Authors: Peter Mosmans, Justin Boyer, Shaila Rana, Prashant Pandey, Lee Allen, Alan Monnox

Threat Modeling aims to improve security through the practice of identifying threats, attacks vulnerabilities for the purpose of defining countermeasures to prevent or mitigate... Read more

  • The fundamentals concepts of threat modeling and its purpose
  • How to apply threat, attack and risk classification systems
  • How to create data flow diagrams
  • How to an improved threat modeling process
  • How to create a threat model with the Microsoft Threat Modeling Methodology
  • How to create a threat model with the OCTAVE Methodology
  • How to create a threat model with the PASTA Methodology Diagram threat models with the Microsoft Threat Modeling Tool

Pre-requisites

Knowledge of application development Knowledge of enterprise systems architecture, including platforms, networks, applications, databases and operating systems Knowledge of fundamental information security concepts

Threat Modeling path

Threat modeling is an engineering technique, or structured process, that can be used to help to identify potential threats, attacks, vulnerabilities and countermeasures that could impact your applications. These courses have been designed to help you to understand how to use threat modeling to shape your application's design, meet your company's security objectives and reduce risk.

Threat Modeling Fundamentals

by Peter Mosmans

Aug 14, 2017 / 1h 29m

1h 29m

Start Course
Description

Security is important. You want to build more secure applications. You don't want to bolt on security afterwards, but you want to make sure it's there from the get-go - for each project. Threat Modeling is a growing field of interest for software developers, architects and security professionals. With good reason, as this can be a very effective way to accomplish those goals. In this course, Threat Modeling Fundamentals, you'll dive deeper into the fundamentals of threat modeling including a short exercise to help you follow along. First, you'll discover what the pro's and cons are of each methodology. Next, you'll explore how to draw data flow diagrams for threat modeling. Then, you'll learn how to perform the generic threat model process. Finally, you'll cover what common pitfalls are and how to work around those. By the end of this course, you'll be familiar with all popular threat modeling approaches and methodologies.

This course teaches you the fundamentals of threat modeling . After watching this course, you will know the fundamentals of threat modeling; the various approaches, methodologies, and their differences; and how to perform the generic threat modeling process.

Table of contents
  1. Course Overview
  2. Threat Modeling, the What, Why, Who, and When
  3. Choosing the Right Approach
  4. Choosing the Right Methodology
  5. Threat Modeling in Practice
  6. Improving Threat Modeling

Performing Threat Modeling with the Microsoft Threat Modeling Methodology

by Justin Boyer

Oct 2, 2018 / 1h 46m

1h 46m

Start Course
Description

Finding security bugs after the software has been built can lead to two things: exploitation of the bug in the wild, or spending a fortune to fix it. In this course, Performing Threat Modeling with the Microsoft Threat Modeling Methodology, you will gain the ability to analyze your software and find threats to it before any line of code is written. First, you will learn how to diagram an application to clearly show how all of its parts work together. Next, you will discover how to use diagrams to find threats using techniques such as STRIDE. Finally, you will explore how to document and mitigate threats to your software. When you’re finished with this course, you will have the skills and knowledge of threat modeling needed to anticipate threats and deal with them before they cause damage.

Table of contents
  1. Course Overview
  2. Introduction
  3. Bringing Threat Modeling to Your Organization
  4. Building the Foundation - Diagramming the Application
  5. Finding Threats Using STRIDE
  6. Finding Threats with Alternative Methods
  7. Documenting Threats
  8. Dealing with Threats
  9. Wrapping Up

Performing Threat Modeling with the OCTAVE Methodology

by Shaila Rana

Aug 26, 2020 / 1h 15m

1h 15m

Start Course
Description

Creating a protection plan to protect your organizations critical assets can be a daunting task. In this course, Performing Threat Modeling with the OCTAVE Methodology, you will utilize the OCTAVE methodology. First, you will learn how to create security requirements. Next, you will learn how to identify infrastructure vulnerabilities. Finally, you will use the information gathered in the methodology to create an overarching security plan that reduces risk, and can be used on a continual basis. When you are finished with the course, you will have the skills and knowledge of performing the OCTAVE Methodology to reduce risk, identify critical assets, and infrastructure vulnerabilities needed to create a security program that is customized to your organization.

Table of contents
  1. Course Overview
  2. Defining OCTAVE Method Structure
  3. Building Security Requirements
  4. Identifying Infrastructure Vulnerabilities
  5. Determining Security Risk Management Strategy

Performing Threat Modeling with the PASTA Methodology

by Prashant Pandey

Oct 20, 2020 / 1h 4m

1h 4m

Start Course
Description

If you are familiar with threat modeling as an exercise, you would know that threat modeling involves identification of threats and vulnerabilities in the context of your applications. In this course, Performing Threat Modeling with the PASTA Methodology, you’ll learn to build application threat models using PASTA methodology. First, you’ll explore the fundamentals of threat modeling. Next, you’ll discover how to dissect applications into smaller components followed by threat, vulnerability, and weakness analysis. Finally, you’ll learn how to build attack models. When you’re finished with this course, you’ll have the skills and knowledge of PASTA methodology needed to conduct threat modeling.

Table of contents
  1. Course Overview
  2. Describing the PASTA Methodology
  3. Defining Business Objectives and Scope Definition
  4. Definition of Technical Scope
  5. Performing Application Decomposition
  6. Conducting Threat, Vulnerability, and Weakness Analysis
  7. Performing Attack Modeling and Computing Risk and Impact Analysis
  8. Case Studies on Utilizing PASTA

Threat Modeling with the Microsoft Threat Modeling Tool

by Lee Allen

Sep 20, 2018 / 2h 13m

2h 13m

Start Course
Description

Threat modeling is an activity that can be performed by anyone that would like to create secure systems. Microsoft has released a free tool to assist with this task. In this course, Threat Modeling with the Microsoft Threat Modeling Tool, you'll learn how to use the Microsoft Threat Modeling Tool to perform application threat modeling. First, you'll discover that the software-centric threat modeling approach is greatly enhanced by taking advantage of the Microsoft Threat Modeling Tool. Next, through practical demonstration, you'll see that the tool will automatically generate a listing of threats for you. Finally, you'll also learn the ability to personalize aspects of the threat modeling application so that it becomes ideal for your needs. By the end of this course, you'll be comfortable with using Microsoft’s Threat Modeling Tool to find threats associated with your applications.

Table of contents
  1. Course Overview
  2. Setting up Your Microsoft Threat Modeling Tool 2016 Environment
  3. Building Your First Data Flow Diagram Model
  4. Identifying and Managing Threats
  5. Customizing Microsoft Threat Modeling Tool 2016 Functionality

Building and Leading an Effective Threat Modeling Program

by Alan Monnox

May 8, 2020 / 1h 31m

1h 31m

Start Course
Description

A successful threat modeling program will quantifiably improve the security of your organization's critical applications and business solutions. In this course, Building and Leading an Effective Threat Modeling Program, you’ll gain the ability to plan, execute, and manage your own threat modeling program at scale within your organization. First, you’ll learn how to prepare a compelling business case to get your program underway. Next, you’ll discover how to create an effective program plan, structured around the dimensions of people, processes, and technology. Finally, you’ll explore how to effectively manage and monitor your program to ensure it delivers ongoing successful results. When you’re finished with this course, you’ll have the skills and knowledge necessary to build and lead your own effective threat modeling program. Software required: none.

Table of contents
  1. Course Overview
  2. Preparing the Business Case
  3. Founding Principles
  4. Planning for Improvement
  5. Measuring Success
Offer Code *
Email * First name * Last name *
Company
Title
Phone
Country *

* Required field

Opt in for the latest promotions and events. You may unsubscribe at any time. Privacy Policy

By providing my phone number to Pluralsight and toggling this feature on, I agree and acknowledge that Pluralsight may use that number to contact me for marketing purposes, including using autodialed or pre-recorded calls and text messages. I understand that consent is not required as a condition of purchase from Pluralsight.

By activating this benefit, you agree to abide by Pluralsight's terms of use and privacy policy.

I agree, activate benefit