Threat Modeling Fundamentals: Debug Your Security Design through Whiteboard Hacking

Threat Modeling Fundamentals: Debug Your Security Design through Whiteboard Hacking

by Sebastien Deleersnyder
Released April 2024
Publisher(s): O'Reilly Media, Inc.
ISBN: 0790145435989

Watch it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Video description

This course is designed to help you understand and apply threat modeling, critical for ensuring software security. Through practical exercises on a fictional E-Bike Rental App, you will gain the skills to systematically perform threat modeling. The course introduces an iterative and incremental approach to threat modeling that integrates into agile development practices. It is tailored for application security champions, software architects, and IT security specialists.

Upon completing this course, you will have the capability to create, update, and manage your own threat models. This expertise will enable you to systematically pinpoint potential vulnerabilities in your products. Moreover, the course emphasizes the significance of utilizing threat modeling as a tool to raise awareness among your teams and stakeholders. You will learn how to effectively communicate security and privacy concerns, fostering a shared understanding and commitment to software assurance within your team.

What you’ll learn and how to apply it

By the end of this on-demand course, you’ll understand:

  • Where threat modeling fits in a secure development lifecycle
  • The benefits of threat modeling
  • The different stages of threat modeling
  • The STRIDE model (spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege)
  • Security design mitigations
  • How to prioritize and fix threat modeling findings

And you’ll be able to:

  • Create and update your own threat models with an incremental technique
  • Identify design flaws in your software
  • Use threat modeling as an awareness tool for your team and stakeholders
  • Get your team on the same page with a shared vision on security and privacy

This course is for you because you are one or more of the following

  • Application security champion
  • Software architect
  • IT security specialist
  • Development team member
  • DevOps team member

Prerequisites

  • Familiarity with core principles of software engineering and basic security concepts.

Course Materials

Product information

  • Title: Threat Modeling Fundamentals: Debug Your Security Design through Whiteboard Hacking
  • Author(s): Sebastien Deleersnyder
  • Release date: April 2024
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 0790145435989