Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

LinkedIn Learning

Threat Modeling: Denial of Service and Elevation of Privilege

via LinkedIn Learning

Overview

This final installment of the Threat Modeling series covering the STRIDE framework explains denial-of-service and elevation-of-privilege attacks.

Syllabus

Introduction
  • Let me interrupt you
  • STRIDE and the four question framework
1. DoS Targets
  • DoS in context
  • Attackers fill networks
  • How attackers redline your CPU
  • How attackers fill storage
  • How attackers spend your budget
  • How attackers drain your battery
2. Properties of DoS Attacks
  • Persistence and transience of DoS
  • Naïve to clever: Understanding DoS
  • Amplified or native: Two modes of DoS
3. DoS in Various Technologies
  • Mobile and IoT denial of service
  • Cloud denial of service
4. DoS Defenses
  • Designing for resilience
  • Quantity as a defense
5. EOP
  • What is elevation of privilege?
  • Input corrupts
  • Main forms of corrupt input
6. EOP Defenses
  • Ways to defend against EOP
  • Validation to defend against elevation
  • Validate for purpose to prevent elevations
  • Validation not sanitization for defense
  • Attenuation in defense
  • Memory safety as a defensive tool
  • Stack canaries to protect your code
  • Sandboxes and isolation protect your environment
  • Bolt-on or built-in defenses
Conclusion
  • Making great strides

Taught by

Adam Shostack

Reviews

4.8 rating at LinkedIn Learning based on 101 ratings

Start your review of Threat Modeling: Denial of Service and Elevation of Privilege

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.