Adam Shostack
Author
Language
English
Description
Learn about one of the key threats to modern systems: spoofing, or authentication attacks. Explore ways that attackers spoof people, machines, file systems, and processes.
Threat modeling is a framework for thinking about what goes wrong. Security pros and software developers should learn to threat model early in their careers, because it shapes every system they build and defend. Spoofing, pretending to be someone or something you're not, is one...
Author
Language
English
Description
Learn how tampering threats work and how to mitigate them. Explore how attackers can tamper with a variety of systems and tools, from debuggers to cloud services.
Threat modeling allows security pros and software developers to proactively address the inevitable—hackers trying to compromise a system—early on in a project's life cycle. In this course, Adam Shostack covers tampering, the second stage in the STRIDE threat modeling framework. Tampering...
Author
Language
English
Description
Learn how technologists can solve common problems by deploying creative strategies to drive new results.
Are you trying to solve a problem that just won’t budge, or a problem that calls for a new way of thinking? You may want to try to apply your creative side to get a better idea of what’s really possible. In this course, instructor Adam Shostack shows you how to use actionable techniques to generate and develop strategies that make the world...
Author
Language
English
Description
Explore repudiation threats and how to defend against them. Learn how to grapple with fraud, identity theft, and repudiation in specific technologies such as blockchain.
Repudiation—the third stage in the STRIDE threat modeling framework—involves the acceptance or denial of responsibility. In the case of identity theft, repudiation comes into play when victims deny involvement with the charges racked up by the criminal. These threats impact all...
Author
Language
English
Description
Learn about the information disclosure pillar in the STRIDE threat modeling framework. Discover how to preserve the confidentiality of the data, secrets, and other information you store.
STRIDE is a popular threat modeling framework that helps security pros and software developers think strategically about risk. This course addresses the I in STRIDE, which stands for information disclosure. You can learn how to preserve the confidentiality of the...
Author
Language
English
Description
Threat modeling helps security professionals understand what can go wrong—and what to do about it. Learn to use the four-question and STRIDE frameworks for threat modeling.
In the twenty-first century, no one doubts the importance of cybersecurity. Threat modeling is where it starts. Threat modeling is a framework for thinking about what can go wrong, and the foundation for everything a security professional does. This training course provides...
Author
Language
English
Description
Learn how to deliver value securely with AI- and ML-powered business systems by threat modeling.
So much is happening in the world of AI right now that it can be hard to make sense of what’s what. And if you’re a developer, product manager, program manager, or site reliability engineer, you’re expected to deliver secure systems in a practical way. This course is designed to give technologists a durable framework for thinking about what can...
Author
Language
English
Description
This final installment of the Threat Modeling series covering the STRIDE framework explains denial-of-service and elevation-of-privilege attacks.
In this installment of Adam Shostack’s Threat Modeling series covering the STRIDE threat modeling framework, Adam goes over the D and E parts of the framework: denial of service and elevation of privilege. For both threats, Adam digs deep into two main questions: “What can go wrong?” and “What are...