DES 212 – Architecture Risk Analysis & Remediation

Course Overview

This course defines concepts, methods, and techniques for analyzing the architecture and design of a software system for security flaws. Special attention is given to analysis of security issues in existing applications; however, the principles and techniques are applicable to systems under development. Techniques include accurately capturing application architecture, threat modeling with attack trees, attack pattern analysis, and enumeration of trust boundaries.

Topics include:

• How to assess design components for security flaws
• The use and value of threat modeling and attack surface analysis
• Techniques to remove architecture weak spots and avoid vulnerability propagation