About this course
Building applications that have the necessary level of security for an ever-changing threat landscape is critical and challenging. Security must be an integral part of the development process and consider risks in a focused and efficient way. Including threat modeling in the application life cycle ensures that applications are developed with security built-in from inception. It also avoids costly rework and minimizes implementation delays. Taking a structured approach for identifying applicable threats provides the organisation with a better understanding of the risks they face and effective countermeasures they need to mitigate any attack.
About this course
This Threat Modeling course provides attendees with the knowledge required to identify, quantify, and address the security risks associated with an application – at the design stage of the SDLC. Through a combination of theory review and a strong emphasis on practical exercises, participants will learn how to:
- Integrate threat modelling into the application development life cycle
- Apply threat modelling for the early detection and prioritising of threats
- Design actionable solutions to protect or recover
The topics covered include:
Introduction to Threat Modeling
- Key concepts
- Trust boundaries
- Attach Surfaces
- Top 10 Design Flaws
- STRIDE Model
Threat Modelling Process
- Data Flow Diagrams
Format: The course combines theory and hands-on practical exercises. The participants start with an introduction to Threat Modelling. They are then given an overview of key considerations in designing security. This provides context from which to look at two of the most respected and adopted approaches – STRIDE and Cornucopia. Hands-on exercises are used to understand the process for Threat Modelling, using examples and applying the theory to practical scenario.
Duration: 1 day (8 hours)
The course is designed for professionals who are involved in the development, testing and/or management of web applications such as:
- Development Managers
- Business Analysts
- Application Developers
- Information Security professionals
- System Architects
- Systems Auditors
- Course materials (accessible in electronic format)
- Virtual image containing all tools used
- TM Cards
- Threat Modeling Manual
- Certificate of Participation (CPE Points)
- The (ISC)² Certified Secure Software Lifecycle Professional (CSSLP) course is designed for professionals who demonstrate a globally recognised level of competence, as defined in a common body of knowledge, by assuring security throughout the software lifecycle. They incorporate security when planning, designing, developing, acquiring, testing, deploying, maintaining, and/or managing software to increase its trustworthiness.
- The Web Application Secure Coding in Java and Web Application Secure Coding in .Net courses are designed to instruct participants on best practice in secure coding using specific programming languages.