• Online, Self-Paced
Course Description

This 7-video course explores the concept of threat modeling and how to develop and use a threat model. You will examine common threats, such as advanced persistent threats (APTs), insider threats, common malware, and third party/supplier threats. You will learn how a development team creates the threat model by using five well-defined stages. Next, learn to develop a security objective which sets the foundation for the threat model development. You will examine six categories of common threats defined in STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege). Then learn to model STRIDE attacks across trust boundaries, processes, external entities, and the like. This course covers attack surface software, an attack anywhere in the system code access by unauthorized party, and how to minimize it. You will learn about Microsoft's published list of attack surface elements associated with Windows. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

Learning Objectives

{"discover the key concepts covered in this course"}

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Defense Infrastructure Support
  • Cybersecurity Management
  • Executive Cyber Leadership
  • Software Development