From the course: Practical Secure by Design: Threat Modeling to Build Resilient Products
Join today to access over 24,900 courses taught by industry experts.
Threat model: What can go wrong when systems fail
From the course: Practical Secure by Design: Threat Modeling to Build Resilient Products
Threat model: What can go wrong when systems fail
- [Instructor] As discussed, because we are going back to the previous four chapters and trying to implement fail securely on those previously identified threats, let's actually copy and paste them from our previous threat models. With secure defaults, we talked about abusing checkout or payments API to steal credit card information in plain text, of course. With our second threat, minimizing attack surface, we talked about debug mode being enabled and exposed to the internet. For our third threat, we talked about customer or low privilege user having access to all the order details. As a part of our fourth threat, we talked about injection attacks on the search field. The reason I want to teach you about the same four threats is because sometimes a single threat could have multiple security recommendation in the context of a different design principle. The priority as we understand for all of these is critical. I'm…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
-
-
-
-
-
-
(Locked)
Scenario: Scope of insecure failure states1m 19s
-
(Locked)
Insecure implementation: Handling failures the wrong way1m 34s
-
(Locked)
Threat model: What can go wrong when systems fail1m 47s
-
(Locked)
Security requirements: Designing fail-secure mechanisms3m 11s
-
(Locked)
Real-world example: Fail securely in action2m 1s
-
(Locked)
Ensure your app fails securely34s
-
(Locked)
-
-