Threat Modeling: Denial of Service and Elevation of Privilege
Threat Modeling: Denial of Service and Elevation of Privilege
Updated: 9/4/2024
Duration: 48m | .MP4 1280x720, 30 fps(r) | AAC, 48000 Hz, 2ch | 192 MB
Genre: eLearning | Language: English
Updated: 9/4/2024
Duration: 48m | .MP4 1280x720, 30 fps(r) | AAC, 48000 Hz, 2ch | 192 MB
Genre: eLearning | Language: English
In this installment of Adam Shostack’s Threat Modeling series covering the STRIDE threat modeling framework, Adam goes over the D and E parts of the framework: denial-of-service and elevation-of-privilege. For both threats, Adam digs deep into two main questions: “What can go wrong?” and “What are we going to do about it?” He details the many targets of denial-of-service attacks like storage, memory, CPU bandwidth, and budget. Adam explains how elevation-of-privilege exists in basically any running code. He then goes over structured methods for ensuring that your systems are resistant to the various types of DoS attacks and elevation-of-privilege attacks. These attacks affect all manner of systems, and having an understanding of how they work and how to combat them are essential parts of a comprehensive approach to cybersecurity.
More Info