Shostack + Friends Blog

 

Spoofing In Depth

screencap of Adam in new LinkedIn Learning course

I'm quite happy to say that my next Linkedin Learning course has launched! This one is all about spoofing.

It's titled "Threat Modeling: Spoofing in Depth." It's free until at least a week after RSA.

Also, I'm exploring the idea that security professionals lack a shared body of knowledge about attacks, and that an entertaining and engaging presentation of such a BoK could be a useful contribution. A way to test this is to ask how often you hear attacks discussed at a level of abstraction that's puts the attacks into a category other than "OMG the sky is falling, patch now." Another way to test is to watch for fluidity in moving from one type of spoofing attack to another.

Part of my goal of the course is to help people see that attacks cluster and have similarities, and that STRIDE can act as a framework for chunking knowledge.