Autoplay
Autocomplete
Previous Lecture
Complete and Continue
Threat Modeling Professional
Introduction
Course Introduction (7:16)
Activity: Tell Us About Your Learning Objectives
[Meeting] Schedule a Kickoff Meeting
References Used Throughout the Course
Chapter 1: Threat Modeling Overview
What is Threat Modeling? (10:35)
[Quiz] What is Threat Modeling?
The Threat Model Parlance (17:16)
[Quiz] The Threat Model Parlance
Security is a Balancing Act (7:43)
Design Flaws and Risk Rating (2:57)
Why Threat model? (5:19)
Other Security Practices (4:57)
Threat Modeling Frameworks and Methodologies (1:18)
Introduction To List Centric Threat Modeling (2:08)
Introduction To Asset Centric Threat Modeling (3:10)
Introduction To Software Centric Threat Modeling (2:41)
Introduction To Attacker Centric Threat Modeling (1:53)
[Quiz] Frameworks and Methodologies
Trust Boundaries vs. Attack Surfaces (3:08)
[Quiz] Trust Boundaries vs. Attack Surfaces
Modern Threat Modeling (14:32)
[Quiz] Modern Threat Modeling
Risk Management Strategies (6:12)
Avoiding Risks (3:01)
Mitigating Risks (3:06)
Accepting Risks (3:11)
Transferring Risks (1:43)
Ignoring Risks (1:02)
[Quiz] Risk Management Strategies
Summary (0:47)
[DevSecOps-labs] Getting Started With Labs
[DevSecOps-labs] Linux Basics
[Feedback] Share Your Feedback for Chapter 1
Chapter 2: Threat Modeling Basics
Threat Modeling and Security Requirements (2:56)
Threat Modeling vs Threat Rating (1:03)
Diagramming for Threat Modeling (8:53)
[Quiz] Diagramming for Threat Modeling
List Centric Threat Modeling (3:50)
Exploring the STRIDE Model (11:59)
[Quiz] Exploring the STRIDE Model
Pros and Cons of STRIDE (1:23)
STRIDE Defenses (7:51)
[Quiz] STRIDE Defenses
STRIDE Threat Examples (5:35)
Asset Centric Threat Modeling (2:31)
Attack Trees (1:15)
Attack Tree Analysis (7:22)
Attacker Centric Threat Modeling (5:52)
Using MITRE ATT&CK for Attacker Centric Threat Modeling (1:42)
Software Centric Threat Modeling (6:08)
[Quiz] Software Centric Threat Modeling
Other Threat Modeling Methodologies (5:26)
Gamified Threat Modeling Approaches (1:28)
Visual Card Games (2:03)
Adversary Card Games (4:48)
[Quiz] Gamified Threat Modeling Approaches
Introduction to Threat Rating (8:14)
OWASP Risk Rating Methodology (3:26)
Bug Bar (2:19)
Rapid Risk Assessment (4:32)
[Quiz] Introduction to Threat Rating
Summary (0:49)
[DevSecOps-labs] Getting Started With Threat Modeling
[Feedback] Share Your Feedback for Chapter 2
Chapter 3: Agile Threat Modeling
Agile Threat Modeling Approaches (1:13)
Threat Modeling Diagrams as Code (4:20)
Threat Modeling Inside The Code (8:19)
Threat Modeling as Code (6:42)
Compliance and Audit as Code (6:48)
Rapid Threat Model Prototyping (14:53)
[Quiz] Agile Threat Modeling Approaches
Security Requirements as Code With BDD Security (2:56)
Events of Agile Software Development Through Scrum (11:47)
[Quiz] Events of Agile Software Development Through Scrum
Writing Security Requirements for Agile Software Development (12:43)
[Quiz] Writing Security Requirements for Agile Software Development
Use Cases and Abuse Cases (2:16)
Privacy Impact Assessments and Security Requirements (4:45)
[Quiz] Privacy Impact Assessments and Security Requirements
Identifying Privacy Related Threats (15:28)
[Quiz] Identifying Privacy Related Threats
Summary (0:58)
[DevSecOps-labs] Writing Requirements in Threat Modeling
[DevSecOps-labs] Threat Modeling Using Code
[DevSecOps-labs] Privacy Modeling
[Meeting] Schedule a Mid-course Check-in Meeting
[Feedback] Share Your Feedback for Chapter 3
Chapter 4: Reporting and Deliverables
How To Manage Threat Models (2:18)
Managing Threat Models as Documents (5:33)
Managing Threat Models in a Backlog (2:59)
Managing Threat Models as Bugs and Tickets (8:28)
Managing Threat Models as Code (5:36)
Managing Threat Models through Automation (0:49)
[Quiz] How To Manage Threat Models
Threat Modeling Tools and Templates (7:22)
[Quiz] Threat Modeling Tools and Templates
Validating Threat Models (1:07)
Threat Model Versus Reality (3:19)
Are All Threats Accounted For Risk? (1:50)
Are All The Mitigations Tested? (5:50)
Are We Done Threat Modeling? (3:20)
[Quiz] Validating Threat Models
Summary (0:58)
[DevSecOps-labs] Threat Modeling With Tools
Demo: How To Create Custom Inspec Profile (19:54)
[DevSecOps-labs] Validating Threat Models
[Feedback] Share Your Feedback for Chapter 4
Chapter 5: Secure Design Principles
Principles of Secure Design (3:14)
Economy Of Mechanism (7:07)
Fail Safe Defaults (4:26)
Complete Mediation (2:28)
Open Design (2:31)
Separation Of Privilege (2:32)
Least Privilege (3:15)
Least Common Mechanism (1:51)
Psychological Acceptability (4:03)
[Quiz] Principles of Secure Design
Case Study of AWS S3 Threat Model (4:42)
Kubernetes Threat Model Case Study (13:08)
Case Study of very secure FTP daemon (15:51)
Summary (0:51)
[Feedback] Share Your Feedback for Chapter 5
Summary
Course Review and Summary (4:38)
Exam and Certification
Exam and Certification Process Lecture (21:33)
Steps to Apply for the Exam
[Activity] Schedule the Exam
Reschedule the Exam
Bonus Content
[DevSecOps Live] Proven Threat Modelling Tactics for DevOps (88:45)
[DevSecOps Live] Threat modeling with Code (64:47)
[DevSecOps Live] Threat Modeling Tales and Privacy Parables (64:11)
Course Completion Certificate
Certificate of Completion
[Quiz] Software Centric Threat Modeling
Lecture content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock