Threat Modeling: Spoofing In Depth

Threat modeling is a framework for thinking about what goes wrong. Security pros and software developers should learn to threat model early in their careers, because it shapes every system they build and defend. Spoofing, pretending to be someone or something you’re not, is one of the key threats to systems. This course teaches you many of the ways in which spoofing happens, including spoofing of people, machines, file systems, and processes. As instructor Adam Shostack explains, spoofing entails many factors: what you know, who you are, where you are, who you know, and more. There’s spoofing of people and spoofing of roles, spoofing of processes or file spaces on a system, and spoofing of machine, IP, name, and TLS identities. Learning how and where these attacks take place will help you excel in your career and deliver more secure products and services.