Summary
Threat modeling is an effective way to help secure your systems, applications, networks, and services. It identifies potential threats and recommends risk-reduction strategies to help you meet security goals early in the development lifecycle.
In this module, you:
- Understood the importance of capturing requirements and assumptions to help create a data-flow diagram
- Read about the framework that helps you find security issues in a system
- Learned about the security control categories that help you reduce or eliminate potential threats
- Highlighted the importance of verifying assumptions, requirements, and fixes before deployment
What's next
In the next few modules of this learning path, learn about each concept introduced in the four phases in detail:
| Module | Title | Description |
|---|---|---|
| 2 | Create a threat model using data-flow diagram elements | Learn about each element in a data-flow diagram, including when to use them and what context to include |
| 3 | Provide context with the right depth layer | Learn the differences between each context-depth layer and when to use them before you create a data-flow diagram |
| 4 | Approach your data-flow diagram with the right threat model focus | Learn about the different ways to focus your threat-modeling activities |
| 5 | Use a framework to identify threats and find ways to reduce or eliminate risk | Deep-dive into STRIDE and learn more about what's at risk and how to protect your system |
| 6 | Prioritize your issues and apply security controls | Learn to prioritize threats and understand the different types and functions of security controls for your system |
| 7 | Use recommended tools to create a data-flow diagram | Check out some of the tools you can use for threat modeling |