Threat Modeling: Denial of Service and Elevation of Privilege

Description

This final installment of the Threat Modeling series covering the STRIDE framework explains denial-of-service and elevation-of-privilege attacks.

Syllabus

Introduction
  • Let me interrupt you
  • STRIDE and the four question framework
1. DoS Targets
  • DoS in context
  • Attackers fill networks
  • How attackers redline your CPU
  • How attackers fill storage
  • How attackers spend your budget
  • How attackers drain your battery
2. Properties of DoS Attacks
  • Persistence and transience of DoS
  • Naïve to clever: Understanding DoS
  • Amplified or native: Two modes of DoS
3. DoS in Various Technologies
  • Mobile and IoT denial of service
  • Cloud denial of service
4. DoS Defenses
  • Designing for resilience
  • Quantity as a defense
5. EOP
  • What is elevation of privilege?
  • Input corrupts
  • Main forms of corrupt input
6. EOP Defenses
  • Ways to defend against EOP
  • Validation to defend against elevation
  • Validate for purpose to prevent elevations
  • Validation not sanitization for defense
  • Attenuation in defense
  • Memory safety as a defensive tool
  • Stack canaries to protect your code
  • Sandboxes and isolation protect your environment
  • Bolt-on or built-in defenses
Conclusion
  • Making great strides

Online Course

