Domain 4 of 6 · Chapter 3 of 7

Applying the Secure SDLC

Unlock the complete study guide + 1,040 practice questions across 16 full exams.

Bundled into the existing Certified Cloud Security Professional premium course — no separate purchase.

Included in this chapter:

  • Threat modeling: find, rank, and frame
  • Cloud-specific risks the model must add
  • Secure coding to a verifiable standard
  • Configuration management and versioning
  • Exam-pattern recognition

Threat-modeling methods: what each one is for

MethodPrimary jobShapeBest when
STRIDEEnumerate threats by categorySix-category checklist (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege)You need a complete, repeatable what-could-go-wrong pass over a design
DREADRank and prioritize threatsScoring rubric (Damage, Reproducibility, Exploitability, Affected users, Discoverability)You have findings and must decide what to fix first
PASTARisk- and attacker-centric processSeven stages from business objectives to attack simulationYou must tie technical threats to business impact for stakeholders
ATASMArchitecture-driven decompositionFour steps: Architecture, Threats, Attack Surfaces, MitigationsYou want a lightweight flow that starts from the system architecture

Decision tree

Need a full process tiedto business risk?PASTA7-stage, attacker-centricWant a lightweight,architecture-first flow?YesNoATASMArch, Threats, Surfaces, Mit.Listing what could go wrong,or ranking found threats?YesNoSTRIDEenumerate by 6 categoriesDREADscore to prioritizeListRankAlways: do it at design time; mitigations become security requirements

Cheat sheet

  • Threat model at design time, before code exists
  • STRIDE enumerates threats by six categories
  • DREAD ranks threats, it does not discover them
  • PASTA is the risk- and attacker-centric process
  • ATASM is the lightweight architecture-first flow
  • The four methods compose rather than compete
  • Shared responsibility decides which threats are yours to fix
  • Make the management plane an in-scope trust boundary
  • Multi-tenancy adds isolation and noisy-neighbor threats
  • Ephemeral compute means security state cannot live on the host
  • In the cloud the API is the primary attack surface
  • OWASP ASVS gives verifiable, pass/fail security requirements
  • Pick the ASVS level from data sensitivity, L1 to L3
  • SAFECode prescribes practices; ASVS verifies them
  • Default-deny outbound and validate URLs to stop SSRF on metadata
  • Enforce object-level authorization on the server for every access
  • A release you cannot reproduce or trace cannot be secured
  • Sign commits and tags so a forged history is detectable
  • Releases are immutable; a fix is a new version, never an in-place edit
  • An SBOM answers whether you shipped a now-vulnerable dependency
  • Sigstore keyless signing uses short-lived Fulcio certificates bound to an OIDC identity
  • Signature integrity depends on the hash algorithm and a trusted timestamp, not just key size
  • Every change needs review by someone other than the author before merge to a protected branch
  • Scan the rendered IaC plan and enforce guardrails with policy-as-code
  • Immutable infrastructure rebuilds from a golden image instead of patching in place

Unlock with Premium — includes all practice exams and the complete study guide.

Also tested in

References

  1. OWASP Threat Modeling Cheat Sheet
  2. Cloud Security Alliance — Shared Responsibility Model Whitepaper
  3. OWASP Application Security Verification Standard (ASVS)