The below video provides an introduction to the theory behind threat modelling and analysis using the STRIDE categorization scheme. It provides a way to identify threats to software you are developing yourself as well as off-the-shelf software products.
This is one of the things you need to know if you are planning to work towards CISSP cybersecurity certification.
The video talks about the theory on creating a data flow diagram, and how the analysis is then applied. In a future video I plan to create another video with a practical example of how to apply STRIDE analysis to an open source software projects.
The 6 steps to STRIDE are:
Please subscribe to Penguin Fortress on YouTube for future videos.
For more details about how security see the following guides: