Application threat modeling can help you review your application security testing activity by focusing on those threats most likely to impact your application. In this video, learn about tools and techniques for developing application threat models.
- [Instructor] Similar to STRIDE, DREAD is another threat-modeling approach included in the OWASP code review guide. DREAD also found its origins within Microsoft, although they stopped using it internally by 2008. Keep in mind, though, that the DREAD creators weren't pushing for an academically-vetted international standard for quantifying or qualifying risk. They were just looking for a better way to manage discussions around risks and threats. And they kept DREAD deliberately simple in an effort to accomplish that goal. Since IT and security professionals love our acronyms, they developed their own five-character mnemonic to make their threat-modeling approach easier to remember. The first D in DREAD represents the damage attribute. If you're familiar with the NIST risk assessment model, this DREAD attribute maps directly to Impact. Its primary concern is how bad things would really be if an attacker was successful. The OWASP code review guide suggests that you ask …
- Security frameworks
- OWASP Top Ten
- Building Security In Maturity Model (BSIMM)
- Planning your testing projects
- Creating security policies
- Source code reviews
- Application threat modeling
- Offline testing for OWASP Top Ten vulnerabilities
Skill Level Intermediate
What you should know (1m 17s)
1. Leading Practices
2. Security Documentation
3. Source Code Security Reviews
4. Offline Testing for the OWASP Top Ten (2017)
Next steps (3m 18s)