Threat Modeling Security Fundamentals
- Offered byMicrosoft
Threat Modeling Security Fundamentals at Microsoft Overview
Duration | 3 hours |
Start from | Start Now |
Total fee | Free |
Mode of learning | Online |
Schedule type | Self paced |
Difficulty level | Beginner |
Official Website | Explore Free Course  |
Credential | Certificate |
Threat Modeling Security Fundamentals at Microsoft Course details
- Introduction to threat modeling
- Create a threat model using data-flow diagram elements
- Provide context with the right depth layer
- Approach your data-flow diagram with the right threat model focus
- Use a framework to identify threats and find ways to reduce or eliminate risk
- Prioritize your issues and apply security controls
- Use recommended tools to create a data-flow diagram
- This learning path takes you through the four main phases of threat modeling, explains the differences between each data-flow diagram element, walks you through the threat modeling framework, recommends different tools and gives you a step-by-step guide on creating proper data-flow diagrams
- Data-flow diagrams are graphical representations of your system and should specify each element, their interactions and helpful context
- We start by deciding to focus on either what needs to be protected or who it needs protection from
- Threat modeling helps you generate a list of potential threats using the threat modeling framework and find ways to reduce or eliminate risk with corresponding security controls
Threat Modeling Security Fundamentals at Microsoft Curriculum
Introduction to threat modeling
Introduction
Threat Modeling Phases
Step 1 - Design
Step 2 - Break
Step 3 - Fix
Step 4 - Verify
Summary
Create a threat model using data-flow diagram elements
Introduction
Data-flow diagram elements
Process - The task element
Data store - The storage element
External entity - The no control element
Data-flow - The data in transit element
Trust boundary - The trust zone change element
Summary
Provide context with the right depth layer
Introduction
Data-flow diagram depth layers
Layer 0 - The system layer
Layer 1 - The process layer
Layer 2 - The subprocess layer
Layer 3 - The lower-level layer
Summary
Approach your data-flow diagram with the right threat model focus
Introduction
Threat Modeling Focused Approaches
System and other focused approaches
Summary
Use a framework to identify threats and find ways to reduce or eliminate risk
Introduction
Threat modeling framework
Spoofing - pretending to be someone or something else
Tampering - changing data without authorization
Repudiation - not claiming responsibility for an action taken
Information disclosure - seeing data I am not supposed to see
Denial of Service - overwhelming the system
Elevation of privilege - having permissions I should not have
Summary
Prioritize your issues and apply security controls
Introduction
Issue prioritization, security control types, and functions
Prioritize security issues
Security control types and functions
Summary
Use recommended tools to create a data-flow diagram
Introduction
Recommended tools
Threat modeling tool
Visio
Summary
Threat Modeling Security Fundamentals at Microsoft Entry Requirements
- None
- Not mentioned
Threat Modeling Security Fundamentals at Microsoft Admission Process
Important Dates
Other courses offered by Microsoft
Student Forum
Anything you would want to ask experts?