From the course: Complete Guide to Application Security

Demo: Building a threat model

- [Instructor] To understand how to build a threat model, one of the best tools that you can use to automate much of this process is Threat Dragon from OWASP. This tool was specifically designed so that you can build out your application's data flow and then apply threats to each component of that flow. While there's a local version of the tool that you can download and install, I did want to point out they also have a Docker image. It requires some encryption keys, might be a little trickier to get up and running, but you've got options for how you can run this tool. So this is the opening screen of Threat Dragon, and when you come into the screen, you can open a model you've already created, you can build one from scratch, but I'd like you to go over here to explore a sample threat model on the right, and I want to go all the way down to the bottom where it says Version 2 Demo Model. Now, the versions here, it's important to note that the tool's evolved a bit over the years, and…
