This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Topic 2.4 of Cloud Threats and Attack Vectors
STRIDE threat classification, applying STRIDE to a cloud workload, and the MITRE ATT&CK for Cloud matrix.
By the end of this topic, you will
Quadrant 1 · e-Tutorial
Quadrant 2 · e-Content
Quadrant 3 · Web Resources
Downloadable reference material
External links
MITRE ATT&CK for Cloud Matrix
The complete MITRE ATT&CK for Cloud matrix covering AWS, Azure, GCP, Microsoft 365, and SaaS platforms.
MITRE ATT&CK for Cloud Matrix
The complete MITRE ATT&CK for Cloud matrix covering AWS, Azure, GCP, Microsoft 365, and SaaS platforms.
Microsoft STRIDE Threat Model Overview
Microsoft documentation on the STRIDE model and the Threat Modeling Tool for cloud architectures.
Microsoft STRIDE Threat Model Overview
Microsoft documentation on the STRIDE model and the Threat Modeling Tool for cloud architectures.
OWASP Threat Modeling Cheat Sheet
OWASP practical guidance on threat modeling including STRIDE application to web applications.
OWASP Threat Modeling Cheat Sheet
OWASP practical guidance on threat modeling including STRIDE application to web applications.
CloudGoat — Vulnerable AWS Lab for ATT&CK Techniques
Rhino Security Labs intentionally vulnerable AWS environment for practising cloud attack techniques.
CloudGoat — Vulnerable AWS Lab for ATT&CK Techniques
Rhino Security Labs intentionally vulnerable AWS environment for practising cloud attack techniques.
Quadrant 4 · Self-Assessment
Cloud Threats, Attacks and Privacy
CSA Top 10, SSRF/IMDS, IMDSv2, EDoS, man-in-the-cloud, STRIDE, MITRE ATT&CK for Cloud, and data residency.
Cloud Security: Complete Assessment
Comprehensive 120-question assessment covering all six chapters of the Cloud Security eBook 2026.