From the course: Advanced Threat Modeling and Risk Assessment in DevSecOps

MITRE ATT&CK and OWASP: Top 10 for threat modeling

- [Instructor] In this lesson, we'll explore how two powerful frameworks, MITRE ATT&CK and the OWASP Top 10, can elevate your threat modeling activities in DevSecOps. Let's start with MITRE ATT&CK. It's a globally accessible knowledge base of adversary tactics, techniques, and procedures, or TTPs, based on real-world observation. Think of it like a menu of how attackers behave once they've breached the system. Key features of MITRE ATT&CK: first, tactics, the high-level goals of an attacker, such as initial access, execution, resistance, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, exfiltration, and impact. Then techniques, the specific methods used to achieve these goals, such as phishing for initial access or credential dumping for credential access. And procedures, real-world examples of how threat actors have implemented these techniques. MITRE ATT&CK is used to map attack patterns and identify defensive gaps, guide red teaming and…
