This lesson opens with an overview of threat modelling. Essentially, threat modelling involves the following key points:

• Identify exposure points in the design
• Identify areas of the system that might go wrong in coding, design and deployment

The instructor shares a few resources about threat modelling, such as books you can purchase as well as downloads.

When performing threat modelling, it is important to keep the following four questions in mind:

1. What are you building?
2. What can go wrong?
3. What are you going to do about the stuff that can go wrong?
4. Did you do an acceptable job on points 1-3?

There are different approaches to threat modelling, including:

• STRIDE: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege
• Attack trees
• Privacy tools

All of these work in different ways and have their own advantages. The main focus of this lesson is STRIDE, as it has many steps.