Training Course | Threat Modeling
Learn how to think about and protect against potential threats to applications and services
Threat Modeling is a training course all involved in the creation of web applications, from product owners to developers to security teams.
Duration: 1 Day
Location: Virtual | Classroom
Skill Level: Intermediate
Course delegates will complete the course having gained the following knowledge.
- How to share the flow of data through your application in a technology agnostic fashion
- How to identify & mitigate threats
- Consistent vocabulary and structure for discussing and managing security concerns
- Communicate security benefits to internal and external teams including non-technical stakeholders
Delegates will learn how to think about and protect against potential threats to their applications. Threat modeling is a team sport, so this is a collaborative course. Along the way, delegates will learn how to reason about their applications, ask pertinent questions and focus efforts on particular areas of concern.
Hugely interesting course and eye opening to understand all the vulnerabilities that exist. Even though we have security reps within the company this would make you think there is a need for specially trained staff whose sole focus is that.
Delegates will complete training in the following modules.
1. Setting the Scene
- Why does security matter?
- Examples of successful compromises
- The frequency and severity of attacks
- Cataloguing your data and how it is stored
- Data Protection and Compliance Requirements
2. An Introduction to Threat Modelling
- Advantages of performing threat modelling
- Understanding threat categories and STRIDE
- How threat modelling is used to define and understand application flaws
- Identifying critical paths in your application through data flow diagrams
- Driving effective testing through your threat model
3. How Attackers Identify Targets & Perform Reconnaissance
4. Threat Model Workshop
This module builds on the above practical learnings with a new application to model. Delegates are provided with a whiteboard tool and asked to break into groups to discuss and create a threat model for their application.
Delegates will then present their threat models to the group and receive honest & open feedback.
- Practical tools for running a collaborative threat modelling workshop
- How to produce meaningful lists of threats and mitigations through incremental and speedy threat modelling.
- How to create Data Flow Diagrams to visualise critical paths in your application
- Presenting and discussing outputs from a threat modelling session
Delegates should have at least 6 months of experience building applications.
Looking to continue on your learning path? The following courses are ideal as follow-on courses to Threat Modeling.
Or send us a quick message