Course details

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Threat Modeling

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Threat Modeling


Overview/Description
Expected Duration
Lesson Objectives
Course Number
Expertise Level



Overview/Description

This 7-video course explores the concept of threat modeling and how to develop and use a threat model. You will examine common threats, such as advanced persistent threats (APTs), insider threats, common malware, and third party/supplier threats. You will learn how a development team creates the threat model by using five well-defined stages. Next, learn to develop a security objective which sets the foundation for the threat model development. You will examine six categories of common threats defined in STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege). Then learn to model STRIDE attacks across trust boundaries, processes, external entities, and the like. This course covers attack surface software, an attack anywhere in the system code access by unauthorized party, and how to minimize it. You will learn about Microsoft's published list of attack surface elements associated with Windows. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.



Expected Duration (hours)
0.4

Lesson Objectives

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Threat Modeling

  • discover the key concepts covered in this course
  • describe the process of threat modeling
  • recognize how to model common threats
  • recognize how to perform attack surface evaluation
  • measure an attack surface
  • recognize how to minimize the attack surface
  • summarize the key concepts covered in this course
  • Course Number:
    it_spcsslp19_07_enus

    Expertise Level
    Intermediate