Threat Modeling Professional
Introduction
Course Introduction
[Meeting] Schedule a Kickoff Meeting
References Used Throughout the Course
Chapter 1: Threat Modeling Overview
What is Threat Modeling?
[Quiz] What is Threat Modeling?
The Threat Model Parlance
[Quiz] The Threat Model Parlance
Security is a Balancing Act
Design Flaws and Risk Rating
Why Threat model?
Other Security Practices
Threat Modeling Frameworks and Methodologies
Introduction To List Centric Threat Modeling
Introduction To Asset Centric Threat Modeling
Introduction To Software Centric Threat Modeling
Introduction To Attacker Centric Threat Modeling
[Quiz] Frameworks and Methodologies
Trust Boundaries vs. Attack Surfaces
[Quiz] Trust Boundaries vs. Attack Surfaces
Modern Threat Modeling
[Quiz] Modern Threat Modeling
Risk Management Strategies
Avoiding Risks
Mitigating Risks
Accepting Risks
Transferring Risks
Ignoring Risks
[Quiz] Risk Management Strategies
Summary
[DevSecOps-labs] Getting Started With Labs
[DevSecOps-labs] Linux Basics
Chapter 2: Threat Modeling Basics
Threat Modeling and Security Requirements
Threat Modeling vs Threat Rating
Diagramming for Threat Modeling
[Quiz] Diagramming for Threat Modeling
List Centric Threat Modeling
Exploring the STRIDE Model
[Quiz] Exploring the STRIDE Model
Pros and Cons of STRIDE
STRIDE Defenses
[Quiz] STRIDE Defenses
STRIDE Threat Examples
Asset Centric Threat Modeling
Attack Trees
Attack Tree Analysis
Attacker Centric Threat Modeling
Using MITRE ATT&CK for Attacker Centric Threat Modeling
Software Centric Threat Modeling
[Quiz] Software Centric Threat Modeling
Other Threat Modeling Methodologies
Gamified Threat Modeling Approaches
Visual Card Games
Adversary Card Games
[Quiz] Gamified Threat Modeling Approaches
Introduction to Threat Rating
OWASP Risk Rating Methodology
Bug Bar
Rapid Risk Assessment
[Quiz] Introduction to Threat Rating
Summary
Chapter 3: Agile Threat Modeling
Agile Threat Modeling Approaches
Threat Modeling Diagrams as Code
Threat Modeling Inside The Code
Threat Modeling as Code
Compliance and Audit as Code
Rapid Threat Model Prototyping
[Quiz] Agile Threat Modeling Approaches
Security Requirements as Code With BDD Security
Events of Agile Software Development Through Scrum
[Quiz] Events of Agile Software Development Through Scrum
Writing Security Requirements for Agile Software Development
[Quiz] Writing Security Requirements for Agile Software Development
Use Cases and Abuse Cases
Privacy Impact Assessments and Security Requirements
[Quiz] Privacy Impact Assessments and Security Requirements
Identifying Privacy Related Threats
[Quiz] Identifying Privacy Related Threats
Summary
[DevSecOps-labs] Threat Modeling Using Code
[DevSecOps-labs] Privacy Modeling
[Meeting] Schedule a Mid-course Check-in Meeting
Chapter 4: Reporting and Deliverables
How To Manage Threat Models
Managing Threat Models as Documents
Managing Threat Models in a Backlog
Managing Threat Models as Bugs and Tickets
Managing Threat Models as Code
Managing Threat Models through Automation
[Quiz] How To Manage Threat Models
Threat Modeling Tools and Templates
[Quiz] Threat Modeling Tools and Templates
Validating Threat Models
Threat Model Versus Reality
Are All Threats Accounted For Risk?
Are All The Mitigations Tested?
Are We Done Threat Modeling?
[Quiz] Validating Threat Models
Summary
[DevSecOps-labs] Threat Modeling With Tools
Chapter 5: Secure Design Principles
Principles of Secure Design
Economy Of Mechanism
Fail Safe Defaults
Complete Mediation
Open Design
Separation Of Privilege
Least Privilege
Least Common Mechanism
Psychological Acceptability
[Quiz] Principles of Secure Design
Case Study of AWS S3 Threat Model
Kubernetes Threat Model Case Study
Case Study of very secure FTP daemon
Summary
Summary
Course Review and Summary
[Quiz] Software Centric Threat Modeling