From the course: Static Application Security Testing
Application threat modeling: STRIDE - SonarQube Tutorial
- [Instructor] Earlier in this course, I promised to go into threat modeling in more detail. Here's where I make good on that promise. Let's start our threat modeling conversation by taking a closer look at STRIDE.

In 2009, Praerit Garg and Loren Kohnfelder from Microsoft developed a model for considering threats to the confidentiality, integrity, and availability of applications, and the data that those applications process. Their intent was to help defenders identify the threats to those applications so that those developers and the security teams could take necessary steps to mitigate those threats before something bad happened. They chose the mnemonic, STRIDE, to make it easier for those defenders to remember and to apply this model.

The first letter, S, represents the Spoofing threat category. Threats of this nature involve hijacking another user's identity. An example…
Contents
- Challenges of assessing source code (6m 2s)
- OWASP Code Review Guide (6m 40s)
- Static code analysis (4m 39s)
- Code review models (6m 40s)
- Application threat modeling: STRIDE (8m 29s)
- Application threat modeling: DREAD (5m 12s)
- Code review metrics (5m 59s)
- Demo: Codacy (7m 53s)
- Demo: SonarQube (7m 10s)