O`REILLY – Hands-on Threat Modeling
English | Tutorial | Size: 395.56 MB
Threat modeling (also known as architecture risk analysis) is the primary security analysis task performed during the software design stage. It is a structured activity for identifying and evaluating application threats and related design flaws. You use the identified flaws to adapt your design, or scope your security testing.
Threat modeling allows you to consider, identify, and discuss the security implications of user stories in a structured fashion, and in the context of their planned operational environment. This threat modeling crash course will teach you to perform threat modeling through a series of exercises, where our trainer will guide you through the different stages of a practical threat model based on a migration from a “classical” web application to a combination of AWS hosted microservices.
In this workshop you will learn an iterative and incremental threat modeling method that you can integrate in your development and deployment pipeline. This method allows you to consider security issues at your application and component levels.
Exercises are built upon a fictional Acme Hotel Booking (AHB) system, where we migrate a legacy client-server system towards a cloud based, micro service stack using AWS services.
What you’ll learn and how you can apply it
By the end of this live, hands-on, online course, you’ll understand:
Where threat modeling fits in a secure development lifecycle
The benefits of threat modeling
The different stages of threat modeling
The STRIDE model (spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege)
Secure design mitigations
Risk rating
And you’ll be able to:
Create and update your own threat models with an incremental technique
Identify design flaws in your software
Use threat modeling as an awareness tool for your team and stakeholders
Get your team on the same page with a shared vision on security
This live event is for you because.
You’re an application security champion, software architect or IT security specialist
You work with development and DevOps teams to increase software assurance and resilience
You want to become an application security expert
Prerequisites
Familiarity with core principles of software engineering, software security, microservices, cloud architectures and AWS.
Recommended preparation:
Access to draw.io (a free online or native client, no account needed). Please clone/download this threat modeling template and follow the installation instructions.
Read Wikipedia’s threat model entry
Recommended follow-up
Read Threat Modeling: Designing for Security (book)
Read Software Security Engineering: A Guide for Project Managers (book)
Read Agile Application Security (book)
Take AWS Certified Security – Specialty Crash Course (live online training course with Chad Smith)
RAPIDGATOR
rapidgator.net/file/49d86d9d47f7c92acb96bda46cef8f17/OREILLY_HANDS-ON_THREAT_MODELING.rar.html
1DL
1dl.net/3y0ju2og3pac/OREILLY_HANDS-ON_THREAT_MODELING.rar.html
UPLOADGIG
uploadgig.com/file/download/b6128a842cA61f43/OREILLY_HANDS-ON_THREAT_MODELING.rar