Learning Threat Modeling for Security Professionals, Course by: Adam Shostack

Course by: Adam Shostack

Overview:

In the twenty-first century, no one doubts the importance of cybersecurity. Threat modeling is where it starts. Threat modeling is a framework for thinking about what can go wrong, and the foundation for everything a security professional does.

This training course provides an overview of the traditional four-question framework for (1) defining what you’re working on, (2) discovering what can go wrong, (3) deciding what to do about it, and (4) ensuring you’ve done the right things in the right ways for the systems you’re delivering.

Instructor Adam Shostack also reviews the STRIDE model for identifying six types of threats: spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege.

Using a simple case study—a billing system for a media server that serves ads—Adam shows how to apply the principles and find security and privacy problems so the developer can include appropriate configurations and controls as part of the operational design and rollout.

Areas covered by Adam in this course:

  • Develop secure products
  • Why would you threat model?
  • A simple approach to threat modeling
There are 2 main parts of the course in which Adam explained the things in details.

1. The Four Question Framework
  • What are we working on?
  • What can go Wrong?
  • What are we going to do about it?
  • Did we do a good job?
2. STRIDE
  • Spoofing a specific server
  • Tampering with a file
  • Interlude: scope and timing
  • Repudiating an order
  • Information disclosure
  • Denial of service
  • Elevation of privilege
Visit https://www.linkedin.com/learning/learning-threat-modeling-for-security-professionals for complete information about the course and other technical details.

Comments

Post a Comment

Popular posts from this blog

A Review of Adam Shostack’s “Threat Modeling”

Adam Shostack lives and works in Seattle, Washington, as the President of Shostack & Associates. He has more than a decade of experience in information security, much of which he spent at Microsoft, and he’s passionate about his field. He’s the author of Threat Modeling: Designing for Security (Wiley, 2014), which continues to receive excellent reader reviews years after launch. One such review of Adam Shostack’s Threat Modeling: Designing for Security is highlighted below: ·          “Adam is the expert of threat modeling and presented a talk at Blackhat 2018 covering the most current threats and they are easily folding into the existing threat model. The book is easy to read and understand. Highly recommend for every security professional.” Click here to buy the book on Amazon. Want to keep reading about Adam Shostack’s career as a cybersecurity game changer? If so, head to adam.shostack.org for complete information on his professional accomplishments, publis
Read more

Adam Shostack: Passionate Professional

Adam Shostack is a successful leader, entrepreneur, technologist and game designer. He’s also the President of Shostack & Associates in Seattle, Washington, and he specializes in cybersecurity. Mr. Shostack has more than a decade of experience and an excellent reputation in his field among both clients and colleagues.  Visit  https://www.darkreading.com/author-bio.asp?author_id=2432& to know more about him. He’s passionate about information security and privacy, particularly at the intersection of technology and people, and his successes reflect it well. Adam Shostack is also the author of Threat Modeling: Designing for Security (Wiley, 2014) and the co-author of The New School of Information Security (Addison-Wesley, 2008). Looking for additional information on Adam Shostack’s career as a cybersecurity visionary? Head to his Twitter page here for his latest updates on his work, content production, public speaking events and more.
Read more