Lynda.com is no longer available for individual subscribers. Please go to LinkedIn Learning to access your account if you moved or to sign up for a new account. For additional support, reach out to firstname.lastname@example.org.
Threat modeling is a foundational framework for security professionals. In this learning path, learn how to use the STRIDE model to identify key threats—spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege—and deliver secure products and services.
Learn why threat modeling is foundational to the SDL.
Identify six common threats and discover how they work.
Learning Threat Modeling for Security Professionals with Adam Shostack
Threat modeling helps security professionals understand what can go wrong—and what to do about it. Learn to use the four-question and STRIDE frameworks for threat modeling.
41m 41s • COURSE
Threat Modeling: Spoofing In Depth with Adam Shostack
Learn about one of the key threats to modern systems: spoofing, or authentication attacks. Explore ways that attackers spoof people, machines, file systems, and processes.
55m 24s • COURSE
Threat Modeling: Tampering in Depth with Adam Shostack
Learn how tampering threats work and how to mitigate them. Explore how attackers can tamper with a variety of systems and tools, from debuggers to cloud services.
32m 13s • COURSE
Threat Modeling: Repudiation in Depth with Adam Shostack
Explore repudiation threats and how to defend against them. Learn how to grapple with fraud, identity theft, and repudiation in specific technologies such as blockchain.
25m 38s • COURSE
Threat Modeling: Information Disclosure in Depth with Adam Shostack
Learn about the information disclosure pillar in the STRIDE threat modeling framework. Discover how to preserve the confidentiality of the data, secrets, and other information you store.
29m 23s • COURSE
Threat Modeling: Denial of Service and Elevation of Privilege with Adam Shostack
This final installment of the Threat Modeling series covering the STRIDE framework explains denial-of-service and elevation-of-privilege attacks.
46m 9s • COURSE
You'll learn threat modeling skills with this expert.
Adam Shostack is a consultant, entrepreneur, technologist, author, and game designer.
He's a member of the Black Hat Review Board, and helped found the Common Vulnerabilities and Exposures (CVE) and many other things. He's currently helping a variety of organizations improve their security, and advising startups as a MACH37 Stars Mentor Network. While at Microsoft, he drove the AutoRun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3, and created the Elevation of Privilege game. Adam is the author of Threat Modeling: Designing for Security and the co-author of The New School of Information Security.