Threat Modeling

Description

Security is important. You want to build more secure applications. You don't want to bolt on security afterwards, but you want to make sure it's there from the get-go - for each project. Threat Modeling is a growing field of interest for software developers, architects and security professionals. With good reason, as this can be a very effective way to accomplish those goals. In this course, Threat Modeling Fundamentals, you'll dive deeper into the fundamentals of threat modeling including a short exercise to help you follow along. First, you'll discover what the pro's and cons are of each methodology. Next, you'll explore how to draw data flow diagrams for threat modeling. Then, you'll learn how to perform the generic threat model process. Finally, you'll cover what common pitfalls are and how to work around those. By the end of this course, you'll be familiar with all popular threat modeling approaches and methodologies.

This course teaches you the fundamentals of threat modeling . After watching this course, you will know the fundamentals of threat modeling; the various approaches, methodologies, and their differences; and how to perform the generic threat modeling process.

Description

Finding security bugs after the software has been built can lead to two things: exploitation of the bug in the wild, or spending a fortune to fix it. In this course, Performing Threat Modeling with the Microsoft Threat Modeling Methodology, you will gain the ability to analyze your software and find threats to it before any line of code is written. First, you will learn how to diagram an application to clearly show how all of its parts work together. Next, you will discover how to use diagrams to find threats using techniques such as STRIDE. Finally, you will explore how to document and mitigate threats to your software. When you’re finished with this course, you will have the skills and knowledge of threat modeling needed to anticipate threats and deal with them before they cause damage.

Description

Creating a protection plan to protect your organizations critical assets can be a daunting task. In this course, Performing Threat Modeling with the OCTAVE Methodology, you will utilize the OCTAVE methodology. First, you will learn how to create security requirements. Next, you will learn how to identify infrastructure vulnerabilities. Finally, you will use the information gathered in the methodology to create an overarching security plan that reduces risk, and can be used on a continual basis. When you are finished with the course, you will have the skills and knowledge of performing the OCTAVE Methodology to reduce risk, identify critical assets, and infrastructure vulnerabilities needed to create a security program that is customized to your organization.

Description

If you are familiar with threat modeling as an exercise, you would know that threat modeling involves identification of threats and vulnerabilities in the context of your applications. In this course, Performing Threat Modeling with the PASTA Methodology, you’ll learn to build application threat models using PASTA methodology. First, you’ll explore the fundamentals of threat modeling. Next, you’ll discover how to dissect applications into smaller components followed by threat, vulnerability, and weakness analysis. Finally, you’ll learn how to build attack models. When you’re finished with this course, you’ll have the skills and knowledge of PASTA methodology needed to conduct threat modeling.

Description

Threat modeling is an activity that can be performed by anyone that would like to create secure systems. Microsoft has released a free tool to assist with this task. In this course, Threat Modeling with the Microsoft Threat Modeling Tool, you'll learn how to use the Microsoft Threat Modeling Tool to perform application threat modeling. First, you'll discover that the software-centric threat modeling approach is greatly enhanced by taking advantage of the Microsoft Threat Modeling Tool. Next, through practical demonstration, you'll see that the tool will automatically generate a listing of threats for you. Finally, you'll also learn the ability to personalize aspects of the threat modeling application so that it becomes ideal for your needs. By the end of this course, you'll be comfortable with using Microsoft’s Threat Modeling Tool to find threats associated with your applications.

Description

A successful threat modeling program will quantifiably improve the security of your organization's critical applications and business solutions. In this course, Building and Leading an Effective Threat Modeling Program, you’ll gain the ability to plan, execute, and manage your own threat modeling program at scale within your organization. First, you’ll learn how to prepare a compelling business case to get your program underway. Next, you’ll discover how to create an effective program plan, structured around the dimensions of people, processes, and technology. Finally, you’ll explore how to effectively manage and monitor your program to ensure it delivers ongoing successful results. When you’re finished with this course, you’ll have the skills and knowledge necessary to build and lead your own effective threat modeling program. Software required: none.