AVCDL attack surface analysis - model analysis

This training covers the Attack Surface Analysis - Model Analysis activity. AVCDL repo: https://github.com/AVCDL/AVCDL training material source: https://github.com/AVCDL/AVCDL/tree/main/training/attack%20surface%20analysis%20-%20analysis/ References: AVCDL primary document Attack Surface Analysis Report (AVCDL secondary document) Attack Surface Analysis Analysis Procedure (AVCDL tertiary document) AVCDL attack surface analysis model template (AVCDL template) AVCDL attack surface analysis issues template (AVCDL template) Threat Modeling Report (AVCDL secondary document) Threat Prioritization Plan (AVCDL secondary document) Service Name and Transport Protocol Port Number Registry https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml NIST SP 800-63 Digital Identity Guidelines https://www.nist.gov/identity-access-management/nist-special-publication-800-63-digital-identity-guidelines RFC 6335: Internet Assigned Numbers Authority (IANA) Procedures for the Management of the Service Name and Transport Protocol Port Number Registry https://www.rfc-editor.org/rfc/pdfrfc/rfc6335.txt.pdf Chapters: 00:00 Title 00:10 Training Path 00:43 Introduction 00:51 Attack Surface Analysis Process 01:04 Analysis Activity 01:16 Entities of Interest 01:50 Block View 02:14 Entities 03:00 Analysis 03:26 Physical Port Questions 07:12 Logical Port / Protocol Questions 11:32 Process Questions 13:02 Example 13:09 Physical Ports 13:24 Physical Ports List 15:32 Logical Ports / Protocols 15:48 Logical Ports / Protocols List 18:35 Processes 18:49 Processes List 20:19 Issues 20:25 Categorization 23:34 Identified Issues 24:49 Recap 24:58 Summary 26:17 Further Reading 26:29 Example Materials 26:34 AVCDL on GitHub 26:54 AVCDL on YouTube 27:12 Next Steps 27:27 References