AVCDL threat modeling - overview
This training covers an overview of the AVCDL threat modeling process.

AVCDL repo: https://github.com/AVCDL/AVCDL
training material source: https://github.com/AVCDL/AVCDL/tree/main/training/threat%20modeling%20-%20overview/

References:

The Security Development Lifecycle (Michael Howard and Steve Lipner)
Threat Modeling: Designing for Security (Adam Shostack)
Guide to Data-Centric System Threat Modeling
  https://csrc.nist.gov/publications/detail/sp/800-154/draft
NDC 2018: Threat Modeling: Uncover Vulnerabilities Without Looking at Code (video)
  https://www.youtube.com/watch?v=Fmp9UFjPiJs
Microsoft Security Development Lifecycle (SDL) - simplified implementation
  http://download.microsoft.com/download/F/7/D/F7D6B14F-0149-4FE8-A00F-0B9858404D85/Simplified Implementation of the SDL.doc
Threat Modeling for IoT Systems (video)
  https://www.youtube.com/watch?v=DusPiguYq2w
Trustworthy Computing
  https://www.wired.com/2002/01/bill-gates-trustworthy-computing/
Commercial Kitchen Image
  https://oklahomaworks.gov/wp-content/uploads/2018/01/Build-your-ideal-workforce-through-apprenticeship.-Header.jpg
AVCDL (GitHub)
  https://github.com/nutonomy/AVCDL
AVCDL (YouTube)
  https://youtube.com/@AVCDL
Threat Modeling Report (AVCDL secondary document)
Understanding Verification and Validation in an AVCDL Context (AVCDL elaboration document)
Understanding Cybersecurity Risk Freshness in an AVCDL Context (AVCDL elaboration document)
Threat Modeling Vocabulary (capture of 11 May 2011 blog post)
  https://web.archive.org/web/20161101093537/https://www.cigital.com/blog/threat-modeling-vocabulary/
Threat Modeling Glossary Diagram (for above blog post capture)
  https://www.synopsys.com/blogs/software-security/wp-content/uploads/2015/08/threat-modeling-glossary-diagram.jpg

Chapters:

00:00 Title
00:09 Training Path
00:37 Introduction
01:36 Deficiencies vs Defects
02:27 Terminology
03:08 What is a Threat Model
03:32 Threat Modeling Lifecycle
05:18 Threat Modeling Process
05:34 Model Creation
05:51 Simple System - Block View
06:39 Simple System - DFD
07:25 Model Analysis
07:44 DFD Analysis
07:56 Resource Access Working Model
09:12 Threat Candidate Triage
09:51 Threat Modeling Feedback
10:25 Threat Model Verification
10:38 V-model View
11:21 Threat Model Review Feedback
11:58 AVCDL on GitHub
12:19 AVCDL on YouTube
12:39 Next Steps
13:06 References