Threat Modeling

The Threat Modeling course is an exploration of creating secure applications based on well-known processes and tools adopted by the security community. The focus on end-to-end security solutioning, including architecture and design, are presented using the Software Development Lifecycles. Vulnerabilities is the security element that transcends all aspects of threat modeling. This class discusses formal mechanisms for categorizing and scoring vulnerabilities. As importantly, various techniques for mitigation of common vulnerabilities are reviewed during class. You will also learn how to create security diagrams to visualize a security model. This includes creating Security Data Flow diagrams (DFD) and Attack Trees to identify attack paths, attack points, threat actors, threat assets, and much more. Cyber kill chains are an effective tool for defensive security tactics. When combined with threat intelligence, cyber kill chains provide a real world security picture. Mitre ATT&CK, a popular kill chain, is reviewed in class.