The Synopsys Software Integrity Group is now Black Duck®. Learn More

close search bar

Sorry, not available in this language yet

close language selection

Threat Modeling

Course Description

It’s a fact: Malicious attackers are coming for your data, and there are many potential points of entry that you should address. Unfortunately, not every fix is obvious, simple, or even effective. Threat modeling helps to put the abundance of threats in order and contextualize security through the lens of the attack. This course explains how threat modeling helps you think about security in a structured way, covering common threat modeling methodologies and how to handle discovered threats.

Learning Objectives

  • Understand the purpose of threat modeling and its relation to other security activities
  • Understand how threat modeling fits into Microsoft’s SDL
  • Understand how threat modeling fits into the Synopsys Touchpoints methodology
  • Understand the process of threat modeling and risk management
  • Get started with threat modeling

Details

Delivery Format: eLearning

Duration: 60 Minutes

Level: Intermediate

Intended Audience: 

  • Architects
  • Back-End Developers
  • Enterprise Developers
  • Front-End Developers
  • Mobile Engineers
  • QA Engineers

Prerequisites: None

Course Outline

What Is Threat Modeling?

  • The Goal of Threat Modeling
  • A Pragmatic Approach to Threat Modeling
  • Software Defects, or Bugs vs. Flaws

Why Should You Threat-Model?

  • Find Security Problems Early
  • Focus on Flaws, Not Bugs
  • Identify Critical Components in the Architecture
  • Find Relevant Threats Within the Context of the System
  • Align Business Requirements and Security Requirements

Threat Modeling in a Nutshell

  • Strategies for Threat Modeling
  • Basing Threat Modeling on a Model
  • Threat Modeling Is Architecture-Agnostic

Common Threat Modeling Methodologies

  • The Big Picture
  • Microsoft Threat Modeling Using STRIDE
  • Applying Architecture Risk Analysis (ARA)
  • Alternative Approaches
  • Resources

STRIDE

  • Data Flow Diagrams
  • The STRIDE Keywords
  • Finding Threats with STRIDE
  • Making STRIDE More Concrete

Architecture Risk Analysis (ARA)

  • ARA in a Nutshell
  • Business Context and System Decomposition
  • Example Architecture Diagram
  • Attack Resistance Analysis
  • Analysis of Underlying Framework Weakness
  • Ambiguity Analysis
  • Resources

Fitting Threat Modeling into the SDLC

  • Threat Modeling Throughout the SDLC
  • Responsibilities and Actors
  • Managing Risk
  • Tracing Risk Throughout the SDLC

Conclusion

  • Key Benefit
  • Threat-Modeling Methodologies
  • Threat Modeling in the SDLC

Resource

Training

Developer Security Training

Equip development teams with the skills and education to write secure code and fix issues faster