Penetration testing and secure code review can uncover many types of security issues in an application; however, there are gaps that simply cannot be found with these traditional analysis techniques. Discovering weaknesses in the design of a system is the specific goal of threat modeling. Organizations benefit from this software design analysis because it can be performed without code to discover potential vulnerabilities early in the development cycle.
This course details our threat modeling process and methodologies to teach students how to identify the assets, security controls, and threat agents for a given system. The course goes on to show how this information can be used to create a prioritized list of attacks and propose appropriate mitigations. First, system threat models are described and used to build a holistic view of the security posture of the system based on the application and its associated infrastructure. This is followed by closer analysis of component interaction using protocol/sequence/API threat models. The course is also supported by hands-on lab exercises that allow students to learn by actually going through the threat modeling process.