Threat Modeling Fundamentals: Debug Your Security Design through Whiteboard Hacking
on-demand course

with Sebastien Deleersnyder
April 2024
Intermediate
1h 32m
English
O'Reilly Media, Inc.
Closed Captioning available in German, English, Spanish, French, Japanese, Korean, Portuguese (Portugal, Brazil), Chinese (Simplified), Chinese (Traditional)

Overview

This course is designed to help you understand and apply threat modeling, critical for ensuring software security. Through practical exercises on a fictional E-Bike Rental App, you will gain the skills to systematically perform threat modeling. The course introduces an iterative and incremental approach to threat modeling that integrates into agile development practices. It is tailored for application security champions, software architects, and IT security specialists.

Upon completing this course, you will have the capability to create, update, and manage your own threat models. This expertise will enable you to systematically pinpoint potential vulnerabilities in your products. Moreover, the course emphasizes the significance of utilizing threat modeling as a tool to raise awareness among your teams and stakeholders. You will learn how to effectively communicate security and privacy concerns, fostering a shared understanding and commitment to software assurance within your team.

What you’ll learn and how to apply it

By the end of this on-demand course, you’ll understand:

  • Where threat modeling fits in a secure development lifecycle
  • The benefits of threat modeling
  • The different stages of threat modeling
  • The STRIDE model (spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege)
  • Security design mitigations
  • How to prioritize and fix threat modeling findings

And you’ll be able to:

  • Create and update your own threat models with an incremental technique
  • Identify design flaws in your software
  • Use threat modeling as an awareness tool for your team and stakeholders
  • Get your team on the same page with a shared vision on security and privacy

This course is for you because you are one or more of the following

  • Application security champion
  • Software architect
  • IT security specialist
  • Development team member
  • DevOps team member

Prerequisites

  • Familiarity with core principles of software engineering and basic security concepts.

Publisher Resources

ISBN: 0790145436108