From the course: Advanced Threat Modeling and Risk Assessment in DevSecOps

Popular threat modeling frameworks in DevSecOps

- [Narrator] This lesson is dedicated to the most popular threat modeling frameworks, STRIDE, PASTA, Trike, and VAST, and how you can apply them in different security scenarios within your DevSecOps environment. Threat modeling without a structure can feel overwhelming. Frameworks help provide clarity, consistency, and repeatability, all critical when you're working at DevSecOps speed. They give us a common language to identify, prioritize, and manage risks early and continuously. Let's start with one of the most widely used frameworks, STRIDE. Developed by Microsoft, STRIDE categorizes threats into six distinct types, with each letter in the acronym representing a different threat category. First, spoofing, impersonating something or someone else. Then tampering, modifying data or code without authorization. Repudiation, denying having performed an action without others being able to prove otherwise. Information disclosure, exposing information to unauthorized individuals. Denial of…
