Understanding common code review models can help you better perform source code security reviews. In this video, learn about popular code review models.
- [Instructor] Earlier in this course, I promised to go into threat modeling in more detail. Here's where I make good on that promise. Let's start our threat modeling conversation by taking a closer look at STRIDE. In 2009, Praerit Garg and Loren Kohnfelder from Microsoft developed a model for considering threats to the confidentiality, integrity and availability of applications and the data those applications process. Their intent was to help defenders identify the threats to those applications so that the developers and the security team could take the necessary steps to mitigate those threats before something bad happened. They chose the mnemonic STRIDE to make it easier for those defenders to remember and apply this model. The first letter, S, represents the spoofing threat category. Threats of this nature involve hijacking another user's identity. An example of this would be logging in to an application with someone else's password. Spoofing threats represent a risk to the authenticity …
- Security frameworks
- OWASP Top Ten
- Building Security In Maturity Model (BSIMM)
- Planning your testing projects
- Creating security policies
- Source code reviews
- Application threat modeling
- Offline testing for OWASP Top Ten vulnerabilities
Skill Level Intermediate
What you should know (1m 17s)
1. Leading Practices
2. Security Documentation
3. Source Code Security Reviews
4. Offline Testing for the OWASP Top Ten (2017)
Next steps (3m 18s)