One of the key components of our threat modeling methodology is the Attack Library with which what we’re trying to do is, with absolute minimal information, convey the relationship between the exploit, the cause and the fix. Furthermore, in order to make the Attack Library actionable, simple how-to’s are needed that non-security SMEs can use to
1. Understand how to test for the exploit.
2. Understand how to recognize a vulnerability.
3. Understand how to implement countermeasures.
A great way to get started with some of this stuff is through training modules. Keith Brown has put together a great set of videos and labs that go over some of the more common attacks out there. He discusses what they are, how they can be exploited and (most importantly!) how to mitigate them with countermeasures.
Check out these videos and labs here.
More on the Attack Library to come later… 🙂