LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.

Select Accept to consent or Reject to decline non-essential cookies for this use. You can update your choices at any time in your settings.

Start free trial Sign in

From the course: Programming Foundations: Secure Coding

Unlock this course with a free trial

Join today to access over 24,700 courses taught by industry experts.

Threat modeling

Threat modeling

From the course: Programming Foundations: Secure Coding

Start my 1-month free trial Buy for my team

Threat modeling

“

- One of the best places to start your secure code journey is through threat modeling. Threat modeling is a process where you systematically evaluate your system design, deployment, and structure for potential attack vectors. This process is not only proactive, but also retrospective in nature, in that you constantly must evaluate new features and reevaluate existing features. Once attack vectors are determined, you use your threat models to build both mitigations and remediations into your system. Again, this is a retrospective process, where every mitigation can cause the threat model itself to change. This isn't a course on threat modeling itself, but I do want to at least call out the general steps and a couple of methodologies. System analysis is the breaking down of your system into its component architecture and understanding the data flows between your components. Threat identification is the evaluation of the attack vectors, methods, and motivations for exploiting the system.…

Contents