The below video provides an introduction to the theory behind threat modelling and analysis using the STRIDE categorization scheme. It provides a way to identify threats to software you are developing yourself as well as off-the-shelf software products.
Transcript: Security Threat Modelling / Analysis using STRIDE and the Microsoft Threat Analysis Tool - Video Transcript
This is one of the things you need to know if you are planning to work towards CISSP cybersecurity certification.
The video talks about the theory on creating a data flow diagram, and how the analysis is then applied. In a future video I plan to create another video with a practical example of how to apply STRIDE analysis to an open source software projects.
The 6 steps to STRIDE are:
Please subscribe to Penguin Fortress on YouTube for future videos.
For more details about how security see the following guides: