DES 212: Architecture Risk Analysis and Remediation
This course defines concepts, methods, and techniques for analyzing the architecture and design of a software system for security flaws. Special attention is given to analysis of security issues in existing applications; however, the principles and techniques are applicable to systems under development. Techniques include accurately capturing application architecture, threat modeling with attack trees, attack pattern analysis, and enumeration of trust boundaries.
Upon completion of this course, participants will be able to:
- Extract architecture views of a software system suitable for security analysis
- Apply a number of complementary techniques to find security vulnerabilities that cannot be easily discovered through tools
- Weigh the comparative impact of design-level security
- Apply techniques and methodologies to model threats, trust, and data sensitivity
- Build abuse cases and use them to explore how your software might be attacked
- Integrate Architecture Risk Analysis with the management of security knowledge in your organization
This course can be customized for Instructor-Led training. Course contents and duration may vary. Contact us for details.