Inhalt: In the twenty-first century, no one doubts the importance of cybersecurity. Threat modeling is where it starts. Threat modeling is a framework for thinking about what can go wrong, and the foundation for everything a security professional does. This training course provides an overview of the traditional four-question framework for (1) defining what you're working on, (2) discovering what can go wrong, (3) deciding what to do about it, and (4) ensuring you've done the right things in the right ways for the systems you're delivering. Instructor Adam Shostack also reviews the STRIDE model for identifying six types of threats: spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege. Using a simple case study-a billing system for a media server that serves ads-Adam shows how to apply the principles and find security and privacy problems so the developer can include appropriate configurations and controls as part of the operational design and rollout. Umfang: 00:41:41.00
Inhalt: In this installment of Adam Shostack's Threat Modeling series covering the STRIDE threat modeling framework, Adam goes over the D and E parts of the framework: denial of service and elevation of privilege. For both threats, Adam digs deep into two main questions: "What can go wrong?" and "What are we going to do about it?" He details the many targets of denial-of-service attacks like storage, memory, CPU bandwidth, and budget, and how elevation of privilege exists in basically any running code. He then goes over structured methods for ensuring that your systems are resistant to the various types of DoS attacks and elevation-of-privilege attacks. These attacks affect all manner of systems, and having an understanding of how they work and how to combat them are essential parts of a comprehensive approach to cybersecurity. Umfang: 00:46:09
Inhalt: STRIDE is a popular threat modeling framework that helps security pros and software developers think strategically about risk. This course addresses the I in STRIDE, which stands for information disclosure. You can learn how to preserve the confidentiality of the data, secrets, and other information you store, and the policies you need to put into place to share that information safely. Topics include classic models such as data at rest and data in motion as well as information disclosure in processes and information disclosure in certain technologies such as cloud, Internet of Things and mobile, and AI and machine learning. Expert Adam Shostack also reviews the side effects of computation, the physical effects of CPUs, and the defenses you can put into place at your organization to manage metadata, secrets, and other sensitive information. Umfang: 00:29:23
Inhalt: Repudiation-the third stage in the STRIDE threat modeling framework-involves the acceptance or denial of responsibility. In the case of identity theft, repudiation comes into play when victims deny involvement with the charges racked up by the criminal. These threats impact all sorts of systems, and security professionals and developers need to understand how they work, and how they can ensure that their systems offer defenses that accurately indicate responsibility. In this installment of his Threat Modeling series, Adam Shostack takes a deep dive into the subject of repudiation. Using practical examples, Adam covers the issues of fraud, identity theft, attacks on logs, and repudiation in specific technologies such as blockchain and the cloud. Umfang: 00:25:38.00
Inhalt: Threat modeling is a framework for thinking about what goes wrong. Security pros and software developers should learn to threat model early in their careers, because it shapes every system they build and defend. Spoofing, pretending to be someone or something you're not, is one of the key threats to systems. This course teaches you many of the ways in which spoofing happens, including spoofing of people, machines, file systems, and processes. As instructor Adam Shostack explains, spoofing entails many factors: what you know, who you are, where you are, who you know, and more. There's spoofing of people and spoofing of roles, spoofing of processes or file spaces on a system, and spoofing of machine, IP, name, and TLS identities. Learning how and where these attacks take place will help you excel in your career and deliver more secure products and services. Umfang: 00:55:24.00
Inhalt: Threat modeling allows security pros and software developers to proactively address the inevitable-hackers trying to compromise a system-early on in a project's life cycle. In this course, Adam Shostack covers tampering, the second stage in the STRIDE threat modeling framework. Tampering can compromise the integrity of a variety of systems and tools, from debuggers to Iocal storage. Throughout this course, Adam describes how different tampering threats work, as well as what you can do about them. Learn how attackers can tamper with libraries, IoT devices, cloud services, and more. Umfang: 00:32:13.00
Programm Findus Internet-OPAC findus.pl V20.235/8 auf Server windhund2.findus-internet-opac.de,
letztes Datenbankupdate: 09.05.2024, 18:40 Uhr. 979 Zugriffe im Mai 2024. Insgesamt 511.209 Zugriffe seit Januar 2009
Mobil - Impressum - Datenschutz - CO2-Neutral