This Threat Modeling course provides attendees with the knowledge required to identify, quantify, and address the security risks associated with an application – at the design stage of the SDLC. Through a combination of theory review and a strong emphasis on practical exercises, participants will learn how to:

• Integrate threat modelling into the application development life cycle
• Apply threat modelling for the early detection and prioritising of threats
• Design actionable solutions to protect or recover

The Threat Modeling course is a comprehensive and strategic overview of threat modeling techniques such as STRIDE.

For additional Web application security training please see the “Further Training” tab.

The topics covered include:

Introduction to Threat Modeling

• Key concepts
• Assets
• Threats
• Vulnerabilities

Designing Security

• Trust boundaries
• Attach Surfaces
• Top 10 Design Flaws

Structured Approaches

• STRIDE Model
• Conrucopia

Threat Modelling Process

• Actors
• Workshops
• Data Flow Diagrams
• Mitigations
• Risks

Format: The course combines theory and hands-on practical exercises. The participants start with an introduction to Threat Modelling. They are then given an overview of key considerations in designing security. This provides context from which to look at two of the most respected and adopted approaches – STRIDE and Cornucopia. Hands-on exercises are used to understand the process for Threat Modelling, using examples and applying the theory to practical scenario.

Duration: 1 day (8 hours)

The course is designed for professionals who are involved in the development, testing and/or management of web applications such as:

• Development Managers
• Business Analysts
• Application Developers
• Information Security professionals
• System Architects
• Systems Auditors

• Course materials (accessible in electronic format)
• Virtual image containing all tools used
• TM Cards
• Threat Modeling Manual
• Certificate of Participation (CPE Points)

• The (ISC)² Certified Secure Software Lifecycle Professional (CSSLP) course is designed for professionals who demonstrate a globally recognised level of competence, as defined in a common body of knowledge, by assuring security throughout the software lifecycle. They incorporate security when planning, designing, developing, acquiring, testing, deploying, maintaining, and/or managing software to increase its trustworthiness. Learn more about CSSLP training
• The Web Application Security Essentials course is a comprehensive and strategic overview of web application security and does not focus on a specific programming language, although some knowledge of JavaScript, basic SQL and the HTTP protocol is recommended. Learn more about our Web Application Security Training
• The Java Secure Coding Training and Web Application Secure Coding in Net courses are designed to instruct participants on best practice in secure coding using specific programming languages.
• The Secure Coding for PCI DSS course provides attendees specific knowledge and skills to apply the secure coding and application security standards needed for PCI DSS–relevant applications that process card payments and/or cardholder data. Learn more about our Secure Coding for PCI DSS training