From the course: Static Application Security Testing
Application threat modeling: DREAD - SonarQube Tutorial
- [Instructor] Similar to STRIDE, DREAD is another threat modeling approach included in the OWASP Code Review Guide. DREAD also found its origins within Microsoft, although they stopped using it internally by 2008. Keep in mind, though, that the DREAD creators weren't pushing for an academically vetted international standard for quantifying and qualifying risks; they were just looking for a better way to manage discussions around risks and threats, and they kept DREAD deliberately simple in an effort to accomplish that goal. Since IT and security professionals love our acronyms, they developed their own five-character mnemonic to make their threat modeling approach easier to remember. The first D in DREAD represents the damage attribute. If you're familiar with the NIST risk assessment model, this DREAD attribute maps directly to impact. Its primary concern is how bad things would really be if an attacker were successful. The…
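The transcript introduces DREAD as a deliberately simple, five-attribute way to rate threats and covers only the first attribute (damage, which maps to impact in the NIST model). The following Python is an added worked example, not code from the course or from the OWASP Code Review Guide: it rates a handful of constructed threats on all five DREAD attributes (Damage, Reproducibility, Exploitability, Affected users, Discoverability), validates the inputs, averages them into a single risk rating and ranks the threats. The 1-10 scale, the equal-weight average and the High/Medium/Low bands are assumptions chosen for illustration; DREAD has no single canonical scale, so teams typically agree on one before a review.

```python
"""DREAD risk rating: added illustration, not the course's or OWASP's own code.

Assumptions (not stated on the page):
  * every attribute is an integer score from 1 (negligible) to 10 (worst case);
  * the risk rating is the arithmetic mean of the five scores;
  * the High / Medium / Low bands are illustrative cut-offs only.
"""
from dataclasses import dataclass

# The five DREAD attributes; "damage" is the one the transcript maps to NIST impact.
ATTRIBUTES = ("damage", "reproducibility", "exploitability",
              "affected_users", "discoverability")
MIN_SCORE, MAX_SCORE = 1, 10  # assumed scale


@dataclass(frozen=True)
class Threat:
    name: str
    damage: int           # how bad is it if the attack succeeds (NIST: impact)
    reproducibility: int  # how reliably can the attack be repeated
    exploitability: int   # how much skill/effort/tooling does it take
    affected_users: int   # how many users or systems are hit
    discoverability: int  # how easy is it for an attacker to find

    def __post_init__(self) -> None:
        # Reject anything outside the agreed scale so a typo (e.g. 11 or 0)
        # cannot silently distort the ranking.
        for attr in ATTRIBUTES:
            value = getattr(self, attr)
            if not isinstance(value, int) or not MIN_SCORE <= value <= MAX_SCORE:
                raise ValueError(
                    f"{self.name}: {attr}={value!r} must be an int in "
                    f"[{MIN_SCORE}, {MAX_SCORE}]")


def dread_score(threat: Threat) -> float:
    """Equal-weight mean of the five attribute scores (assumed formula)."""
    return sum(getattr(threat, a) for a in ATTRIBUTES) / len(ATTRIBUTES)


def risk_band(score: float) -> str:
    """Illustrative bands; a real team would agree its own thresholds."""
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def rank_threats(threats: list[Threat]) -> list[tuple[Threat, float]]:
    """Highest rating first; ties broken by name so the order is stable."""
    scored = [(t, dread_score(t)) for t in threats]
    return sorted(scored, key=lambda ts: (-ts[1], ts[0].name))


# Constructed sample threats for a hypothetical web application.
SAMPLE_THREATS = [
    Threat("SQL injection in login form", 9, 10, 8, 10, 9),
    Threat("Verbose stack trace on error page", 2, 10, 10, 4, 8),
    Threat("Session fixation in legacy endpoint", 7, 5, 4, 3, 2),
    Threat("Debug log leaks internal hostnames", 2, 8, 3, 1, 3),
]


if __name__ == "__main__":
    for threat, score in rank_threats(SAMPLE_THREATS):
        print(f"{score:4.1f}  {risk_band(score):6}  {threat.name}")
```

Because every attribute carries equal weight, a low-damage finding that is trivial to reproduce, exploit and discover (the stack-trace example above) can rate close to a high-damage one; that is the main critique of unweighted DREAD, and it is why a team should record the scale and any weighting it agreed on alongside the scores.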
Contents
- Challenges of assessing source code (6m 2s)
- OWASP Code Review Guide (6m 40s)
- Static code analysis (4m 39s)
- Code review models (6m 40s)
- Application threat modeling: STRIDE (8m 29s)
- Application threat modeling: DREAD (5m 12s)
- Code review metrics (5m 59s)
- Demo: Codacy (7m 53s)
- Demo: SonarQube (7m 10s)