Training Course | Threat Modeling

Learn how to think about and protect against potential threats to applications and services

Threat Modeling is a training course all involved in the creation of web applications, from product owners to developers to security teams.

Course Information

Duration: 1 Day

Location: Virtual | Classroom

Skill Level: Intermediate

Learning Outcomes

Course delegates will complete the course having gained the following knowledge.

  • How to share the flow of data through your application in a technology agnostic fashion
  • How to identify & mitigate threats
  • Consistent vocabulary and structure for discussing and managing security concerns
  • Communicate security benefits to internal and external teams including non-technical stakeholders

Course Outline

Delegates will learn how to think about and protect against potential threats to their applications. Threat modeling is a team sport, so this is a collaborative course. Along the way, delegates will learn how to reason about their applications, ask pertinent questions and focus efforts on particular areas of concern.

Hugely interesting course and eye opening to understand all the vulnerabilities that exist. Even though we have security reps within the company this would make you think there is a need for specially trained staff whose sole focus is that.

Course Attendee

Modules

Delegates will complete training in the following modules.

1. Setting the Scene
  • Why does security matter?
  • Examples of successful compromises
  • The frequency and severity of attacks
  • Cataloguing your data and how it is stored
  • Data Protection and Compliance Requirements
2. An Introduction to Threat Modelling
  • Advantages of performing threat modelling
  • Understanding threat categories and STRIDE
  • How threat modelling is used to define and understand application flaws
  • Identifying critical paths in your application through data flow diagrams
  • Driving effective testing through your threat model
3. How Attackers Identify Targets & Perform Reconnaissance
  • ...
4. Threat Model Workshop

This module builds on the above practical learnings with a new application to model. Delegates are provided with a whiteboard tool and asked to break into groups to discuss and create a threat model for their application.

Delegates will then present their threat models to the group and receive honest & open feedback.

  • Practical tools for running a collaborative threat modelling workshop
  • How to produce meaningful lists of threats and mitigations through incremental and speedy threat modelling.
  • How to create Data Flow Diagrams to visualise critical paths in your application
  • Presenting and discussing outputs from a threat modelling session

Prerequisites

Delegates should have at least 6 months of experience building applications.

Further Learning

Looking to continue on your learning path? The following courses are ideal as follow-on courses to Threat Modeling.

Training Course | Engineering Principles

Fast-track your techniques and thinking that enable the creation of great software

Learn more

Training Course | Security by Design

Gain an understanding of how to write code that is more secure by adopting great software engineering practices.

Learn more

Training Course | Breaking Applications

Learn how to break applications and infrastructure, ask pertinent questions and focus efforts on particular areas of concern.

Learn more

Need help?

Email Us
email hidden; JavaScript is required

Call Us
+ 4428 9099 5777

Or send us a quick message

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.