
STRIDE Threat Modeling for Beginners - In 20 Minutes 

Netsec Explained
10K subscribers, 35K views

If I could save a company a million dollars on their security budget every year, this is how I'd do it! While most people don't think of threat modeling as the sexiest exercise, it can actually be pretty exciting. Trust me when I say this, I wish I had learned how to do threat modeling much earlier when I was first starting out in consulting and bug hunting. It would have saved a lot of time, and made my clients happier too! Now, if you want to learn how to make one yourself to save you time, a headache, and money, then that's what we're going to get into today.
OWASP Threat Modeling Process - owasp.org/www-...
Completed AI application threat model - aivillage.org/...
Draw.io Desktop - github.com/jgr...
Software Development Lifecycle (SDLC) - www.synotive.c...
#threatmodeling #ethicalhacking #infosec #cybersecurity #redteam #webapp

Published: Oct 4, 2024

Comments: 33
@hojatsajadinia8905 7 months ago
Really good for starting threat modeling.
@Digi-qb1 1 month ago
The information you get from this video is a solid introduction. Great job!!! Thank you.
@DebasishMandal 1 month ago
This is the most useful video on threat modeling on the internet! Thank you for making it!
@PaigeHokanson-z2g 14 days ago
@NetsecExplained 12 days ago
It's been a game changer when working with developers and explaining threat modeling to them.
@borroms97 10 months ago
Thanks for sharing your knowledge on this, I am studying for CISSP and your video has helped me understand how a Threat Modelling exercise is actually done.
@NetsecExplained 10 months ago
Happy to help!
@adansko 7 months ago
A great introduction to beginners. I learned a lot. Thank you!
@Stew282 7 months ago
Great explanation and example. Thanks!
@funkzsnoopy 13 days ago
Very nice explanation! Thank you!
@jerryb1705 6 months ago
Thanks. The video helped me understand the threat modelling concept better.
@monsieurdelaperouse9756 19 days ago
Excellent! Thank you very much!
@ashleywicks2762 7 days ago
Thanks heaps for this video, super helpful.
@HarishKumar-lz2nw 22 days ago
Very informative. Thanks
@NetsecExplained 21 days ago
Glad it was helpful!
@eilonc 9 months ago
Thanks! Awesome demonstration on how to perform Threat Modeling.
@NetsecExplained 9 months ago
Thank you!
@nojozol1816 4 months ago
This is awesome. Hoping you make one more complex as well!
@christopherortiz4971 4 months ago
Thank you, really easy to understand
@ishwaryanarayan1010 3 months ago
Very informative 🙏
@LasseStorgaard 10 months ago
Really good video, thank you!
@papoy9084 6 months ago
@11:42 minutes, you mentioned PASTA, can you please make a video about PASTA vs STRIDE and other threat modelling approaches?
@NetsecExplained 6 months ago
I don't want to make a whole video on PASTA since I haven't used it enough. PASTA is more geared towards internal teams and has you work with your dev/systems teams more closely. It needs to be more ingrained in the planning process. But it is great!
@NuruddinBiplob 7 months ago
Thanks a lot.
@DontFookGaming 8 months ago
Nice explanation. I have one question: why are you doing this manually? There is a tool from Microsoft. That tool will do all things automatically for you. Any specific reason you do this manually?
@NetsecExplained 6 months ago
This is actually a really great question. Sometimes you can over-automate things. I don't like the MS tool because unless you're seasoned and have the tool configured properly, it's overwhelming and ultimately unhelpful. You need to spend so much more time getting the tool set properly to make your threat models useful. I don't recommend it unless you already know what you're doing.
@TejasJain1991 10 months ago
Would you define trust boundaries around every single "node" if you are to follow the Zero Trust framework?
@NetsecExplained 10 months ago
That's a good question! I actually don't know the answer to that. I think I would start by segmenting off the environment like normal, then make sure to include mutual authentication and allow list authorization into my trust requirements. If any component didn't enforce those two things in every part of each segment, then I'd flag that as a new vulnerability to be remediated. This is why I like standard security patterns that you can enforce internally. That way, there is no guessing. "Doesn't authenticate through our standard process? Vulnerability, remediate it immediately."
@MikeAdams 10 months ago
Maybe I'm just blind but I don't see the completed threat model report in the description? :(
@NetsecExplained 10 months ago
That's a good point. It's there, but not labeled as the completed threat model. It's the aivillage link. I will update the description.
@smarthometechnologee 8 days ago
I need some help. Can you please advise how I can reach you?
@NetsecExplained 3 days ago
We can message on here. What can I help you with?