Learning Threat Modeling for Security Professionals

This training course provides an overview of the traditional four-question framework for (1) defining what you're working on, (2) discovering what can go wrong, (3) deciding what to do about it, and (4) ensuring you've done the right things in the right ways for the systems you're delivering. Instructor also reviews the STRIDE model for identifying six types of threats: spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege.