Moocable is learner-supported. When you buy through links on our site, we may earn an affiliate commission.
Threat Modeling: Denial of Service and Elevation of Privilege
Description
This final installment of the Threat Modeling series covering the STRIDE framework explains denial-of-service and elevation-of-privilege attacks.
Tags
Syllabus
Introduction
- Let me interrupt you
- STRIDE and the four question framework
- DoS in context
- Attackers fill networks
- How attackers redline your CPU
- How attackers fill storage
- How attackers spend your budget
- How attackers drain your battery
- Persistence and transience of DoS
- Naïve to clever: Understanding DoS
- Amplified or native: Two modes of DoS
- Mobile and IoT denial of service
- Cloud denial of service
- Designing for resilience
- Quantity as a defense
- What is elevation of privilege?
- Input corrupts
- Main forms of corrupt input
- Ways to defend against EOP
- Validation to defend against elevation
- Validate for purpose to prevent elevations
- Validation not sanitization for defense
- Attenuation in defense
- Memory safety as a defensive tool
- Stack canaries to protect your code
- Sandboxes and isolation protect your environment
- Bolt-on or built-in defenses
- Making great strides
![](https://d3f1iyfxxz8i1e.cloudfront.net/courses/course_image/8dc1dc5b1536.jpeg)
Threat Modeling: Denial of Service and Elevation of Privilege
Affiliate notice
-
TypeOnline Course
-
Provider
This final installment of the Threat Modeling series covering the STRIDE framework explains denial-of-service and elevation-of-privilege attacks.
Introduction
- Let me interrupt you
- STRIDE and the four question framework
- DoS in context
- Attackers fill networks
- How attackers redline your CPU
- How attackers fill storage
- How attackers spend your budget
- How attackers drain your battery
- Persistence and transience of DoS
- Naïve to clever: Understanding DoS
- Amplified or native: Two modes of DoS
- Mobile and IoT denial of service
- Cloud denial of service
- Designing for resilience
- Quantity as a defense
- What is elevation of privilege?
- Input corrupts
- Main forms of corrupt input
- Ways to defend against EOP
- Validation to defend against elevation
- Validate for purpose to prevent elevations
- Validation not sanitization for defense
- Attenuation in defense
- Memory safety as a defensive tool
- Stack canaries to protect your code
- Sandboxes and isolation protect your environment
- Bolt-on or built-in defenses
- Making great strides
Tags
Loading...
Saving...
Loading...