Shostack + Friends Blog

Spoofing In Depth

screencap of Adam in new LinkedIn Learning course

I'm quite happy to say that my next Linkedin Learning course has launched! This one is all about spoofing.

It's titled "Threat Modeling: Spoofing in Depth." It's free until at least a week after RSA.

Also, I'm exploring the idea that security professionals lack a shared body of knowledge about attacks, and that an entertaining and engaging presentation of such a BoK could be a useful contribution. A way to test this is to ask how often you hear attacks discussed at a level of abstraction that's puts the attacks into a category other than "OMG the sky is falling, patch now." Another way to test is to watch for fluidity in moving from one type of spoofing attack to another.

Part of my goal of the course is to help people see that attacks cluster and have similarities, and that STRIDE can act as a framework for chunking knowledge.

Originally published by Adam on 28 Feb 2019
Categories: threat modeling

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The ATOM feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.