Price: $1,699.00

Length: 2 Days

Threat Simulation and Modeling Training

Threat Simulation and Modeling Training Course Description

Threat simulation and modeling training teaches you the various types of threat modeling techniques and helps you apply threat modeling as an advanced preventive form of security. TONEX, a leader in the security industry for more than 15 years, is now announcing the threat simulation and modeling training, which helps you recognize the methodologies, tools and case studies of successful threat modeling techniques.

The Threat Simulation and Modeling Training course covers a variety of cybersecurity topics, such as the Process for Attack Simulation and Threat Analysis (PASTA), STRIDE, Common Attack Pattern Enumeration and Classification (CAPEC), threat modeling within the SDLC, and existing threat modeling approaches. Moreover, you will be introduced to threat analysis, weakness and vulnerability analysis, attack modeling and simulation, and residual risk analysis and management.

By taking the threat simulation and modeling training by TONEX, you will learn about the main concepts in threat modeling, application threats, software development life cycle (SDLC), and common types of threats.

The threat simulation and modeling training course introduces different threat modeling techniques that you can apply to your own products to ensure their security, or use to develop a more secure environment for your software product.

Learn About:

  • PASTA, objectives of risk analysis, risk centric threat modeling, and weakness and vulnerability analysis basics.
  • Common attack pattern enumeration such as: HTTP response splitting, SQL injection, XSS strings, phishing, buffer overflow, authentication protocol attacks or even cache poisoning.
  • Threat analysis approaches and principles that give you a step-by-step, straightforward methodology for conducting threat modeling and analysis. Moreover, a detailed introduction to existing threat modeling approaches is included in the course. Examples of such approaches are CVSS, CERT, DREAD, and SDL threat modeling.

Who Can Benefit from Threat Simulation and Modeling Training

If you are an IT professional who specializes in computer security, you will benefit from the presentations, examples, case studies, discussions, and individual activities upon completion of the threat simulation and modeling training, and will prepare yourself for your career.

Threat Simulation and Modeling Training Features 

Threat simulation and modeling training will introduce a set of labs, workshops and group activities of real-world case studies in order to prepare you to tackle all the related computer threat challenges.

Our instructors at TONEX will help you understand the step-by-step procedure for attack simulation and modeling, such as enumerating attack vectors, assessing the probability of attacks, conducting attack-driven security tests, and updating the attack library.

Audience

The threat simulation and modeling training is a 2-day course designed for:

  • IT professionals in the area of information security and cybersecurity
  • Executives and managers in the cybersecurity and threat modeling area
  • Information technology professionals, web engineers, security analysts, policy analysts
  • Security operation personnel, network administrators, system integrators and security consultants
  • Security traders who want to understand threat modeling techniques
  • Investors and contractors who plan to make investments in the cybersecurity industry
  • Technicians, operators, and maintenance personnel who are or will be working on threat modeling projects
  • Managers, accountants, and executives in the cybersecurity industry

Learning Objectives

Upon completion of the threat simulation and modeling training course, attendees will be able to:

  • Identify the goals of threat modeling
  • Recognize the tools for threat modeling
  • Identify the step-by-step procedure for threat modeling and simulation
  • Describe different types of threats in threat analysis techniques
  • Identify the existing threat modeling approaches and procedures
  • Understand common attack pattern enumeration and classification
  • Describe the process for attack simulation and threat analysis
  • Conduct threat modeling and simulation techniques for real world problems

Course Outline

The threat simulation and modeling training course consists of the following lessons, which can be revised and tailored to the client's needs:

Overview of Threat Modeling

  • Understanding Threat Modeling
  • Identifying Assets, Threats, and Vulnerabilities
  • Key Steps in Threat Modeling
  • Types of Threats
  • Security Controls and Countermeasures
  • Threat Intelligence Integration
  • Integration with Software Development Life Cycle (SDLC)
  • Collaborative Threat Modeling
  • Continuous Improvement and Iteration
  • Automation and Tooling
  • Threat Modeling in Cloud and DevOps and DevSecOps Environments
  • Risk Communication and Reporting

Conducting Threat Modeling

  • Identify Assets: Identify the assets within the system that need to be protected, such as sensitive data, critical functions, or key resources.
  • Identify Threats: Use the STRIDE framework to systematically analyze each component of the system and identify potential threats associated with spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege.
  • Assess Risks: Evaluate the likelihood and potential impact of each identified threat on the security and functionality of the system. Prioritize threats based on their severity and the potential consequences they pose.
  • Mitigate Threats: Develop and implement appropriate countermeasures and security controls to mitigate or eliminate identified threats. This may involve implementing access controls, encryption, input validation, error handling mechanisms, and other security best practices.
  • Validate and Iterate: Validate the effectiveness of the implemented security controls through testing, validation, and ongoing monitoring. Continuously review and update the threat model to account for changes in the system, emerging threats, or evolving security requirements.

Introduction to Process for Attack Simulation and Threat Analysis (PASTA)

  • Objectives of Risk Analysis
  • Obtaining the Business Requirements
  • Defining Data Protection Requirements
  • Privacy Laws
  • Initial Risk Profile
  • Risk Management Objectives
  • Risk Centric Threat Modeling
  • Inherent Challenges to Threat Modeling
  • Input/output for PASTA Process
  • Definition of the Technical Scope (DTS)
  • Application Decomposition and Analysis (ADA)
  • Threat Analysis
  • Weakness and Vulnerability Analysis (WVA)
  • Attack Modeling and Simulation
  • Risk Analysis and Management

Process for Attack Simulation and Threat Analysis

  • Use Cases from Business Objectives
  • Converging Security, Compliance and Privacy
  • PASTA Objective Hierarchy
  • Compliance and Business Impact
  • Inherent Risk
  • Integration Opportunities of PASTA
  • Enumerate Software Components
  • Identify Actors and Data Sources/sinks
  • Enumerate System-level Services
  • Enumerate Third Party Infrastructure
  • Assert Completeness of Secure Technical Design
  • Procurement’s Impact
  • Enumerate Application Use Cases
  • Data Flow Diagram (DFD) of Identified Components
  • Security Functional Analysis

Common Attack Pattern Enumeration and Classification (CAPEC)

  • HTTP Response Splitting
  • SQL Injection
  • XSS in HTTP Query Strings
  • Session Fixation
  • Phishing
  • Filter Failure Through Buffer Overflow
  • Removing Guard Logic
  • Lifting Embedded Data
  • Subvert Code Facilities
  • Reflection Attack in Authentication Protocol
  • Web Server Misclassification
  • Forced Deadlock
  • Cache Poisoning
  • RESTful Privilege Escalation

Threat Modeling within SDLC

  • Identifying Assets
  • Architecture Overview
  • Application Decomposition
  • Threat Identification
  • Threat Documentation
  • Threat Rating
  • Damage Potential
  • Reproducibility
  • Exploitability
  • Affected Users

Existing Threat Modeling Approaches

  • Security Centric Approach
  • Security Centric Threat Models for Complex Attacks
  • STRIDE
  • STRIDE Threat Categorization Table
  • Common Vulnerability Scoring System (CVSS)
  • Computer Emergency Response Team (CERT)
  • Common Attack Pattern Enumeration and Classification (CAPEC)
  • Risk Based Approach in Threat Modeling
  • DREAD
  • Threat Analysis and Modeling (TAM) Threat Modeling Tool
  • SDL Threat Modeling
  • Trike Methodology

Threat Analysis

  • Credible Source of Threat Data
  • Leverage Internal Sources of Data
  • Enumerate Likely Threat Agents
  • Threat Likelihood Value
  • Analyzing Overall Threat Scenario
  • Threat Intelligence Gathering from Internal Source
  • Threat Intelligence Gathering from External Source
  • Threat Library Update
  • Threat Agents to Asset Mapping
  • Probabilistic Value Around Identified Threats

Weakness and Vulnerability Analysis

  • Correlating the Existing Vulnerability Data
  • Identifying Weak Design Patterns
  • Map Threats to Vulnerabilities
  • Contextual Risk Analysis
  • Targeted Vulnerability Testing

Attack Modeling and Simulation

  • Possible Attack Scenarios
  • Attack Library Update
  • Attack Surface Update
  • Enumerating the Attack Vectors
  • Assessing the Probability of Attacks
  • Derive a Set of Cases to Test Existing Countermeasures
  • Conduct Attack Driven Security Tests

Residual Risk Analysis and Management

  • Risk Assessment
  • Internal/external Threat Data
  • Viability of Attacks
  • Identifying Countermeasures
  • Residual Risk Calculation
  • Severity Rating
  • Probability Coefficient
  • Number of Countermeasures
  • Strategies to Risk Management

Hands On, Workshops, and Group Activities

  • Labs
  • Workshops
  • Group Activities

Workshop 1: Threat Modeling with STRIDE

  • Spoofing: This involves an attacker impersonating a legitimate user or system entity to gain unauthorized access or privileges. Examples include masquerading as an authenticated user or spoofing network addresses to bypass security controls.
  • Tampering: Tampering threats involve unauthorized modification or alteration of data, code, or system configurations. Attackers may attempt to tamper with sensitive information, manipulate application logic, or modify system settings to achieve their objectives.
  • Repudiation: Repudiation threats occur when an attacker denies their actions or involvement in a security incident. This can include actions such as deleting or modifying logs, transactions, or audit trails to conceal unauthorized activities.
  • Information Disclosure: Information disclosure threats involve the unauthorized exposure or leakage of sensitive data. Attackers may exploit vulnerabilities to access confidential information such as personal data, intellectual property, or proprietary business information.
  • Denial of Service (DoS): Denial of service threats aim to disrupt or degrade the availability of a system or service, making it inaccessible to legitimate users. Attackers may launch DoS attacks to overwhelm resources, exhaust network bandwidth, or exploit software vulnerabilities to crash systems.
  • Elevation of Privilege: Elevation of privilege threats involve attackers gaining unauthorized access to higher levels of privileges or permissions than they are entitled to. This can enable attackers to perform actions or access resources beyond their authorized scope, potentially leading to further exploitation or compromise.
