Explore a simplified approach to threat modeling in this 44-minute conference talk from LASCON 2012. Learn about the anatomy of an attack, threat traceability matrix, and elements of a threat model. Discover a streamlined framework for threat modeling, including steps to diagram software architecture, enumerate attack surfaces, and visualize users as potential threats. Gain insights on illuminating assets and trust boundaries, postulating attacks against assets, evaluating impact, and implementing mitigation strategies. Understand how to act on threat modeling results and simplify the overall process to enhance your cybersecurity practices.
Overview
Syllabus
Intro
Today's Threat Modeling Theme
What is a Threat?
Threat Example - Mobile Architecture
Anatomy of an Attack
Threat Traceability Matrix
Elements of a Threat Model
Simplified Threat Modeling Framework
Diagram Software Architecture
Enumerate Attack Surface(s)
Each User Class Becomes a Threat
Malicious Intent Creates New Threat
Visualize Normal Users as Threats
Re-consider Attack Surface(s)
Capture 'Who', 'Where', and 'What'
Illuminate Assets
Illuminate Trust Boundaries
Postulate Attacks Against Assets
Evaluate Impact
Mitigate
7+1 Threat Modeling Steps
Acting on Threat Modeling Results
Simplifying Threat Modeling
Taught by
LASCON
Related Courses
-
Offensive Threat Models Against the Supply Chain
-
Cloud Threat Modeling - From Architecture Design to Application Development
-
Threat Modeling - How to Actually Do It and Make It Useful
-
Securing Open Source Through Threat Modeling
-
Threat Modeling Cloud Apps - What You Don't Know Will Hurt You
-
Threat Modeling for the Gaming Industry
