Threat Modeling

Threat Modeling

AppSec 104 - Threat Modeling

About this course

AppSec 104 - Threat Modeling

Threat Modeling Training

Instructor:Fabio Cerullo
Next Scheduled Course:
TBC Live Online €700 (1 day)



Building applications that have the necessary level of security for an ever-changing threat landscape is critical and challenging. Security must be an integral part of the development process and consider risks in a focused and efficient way. Including threat modeling in the application life cycle ensures that applications are developed with security built-in from inception. It also avoids costly rework and minimizes implementation delays. Taking a structured approach for identifying applicable threats provides the organisation with a better understanding of the risks they face and effective countermeasures they need to mitigate any attack.

About this course


This Threat Modeling course provides attendees with the knowledge required to identify, quantify, and address the security risks associated with an application – at the design stage of the SDLC. Through a combination of theory review and a strong emphasis on practical exercises, participants will learn how to:

  • Integrate threat modelling into the application development life cycle
  • Apply threat modelling for the early detection and prioritising of threats
  • Design actionable solutions to protect or recover

The Threat Modeling course is a comprehensive and strategic overview of threat modeling techniques such as STRIDE.

For additional Web application security training please see the “Further Training” tab.


The topics covered include:

Introduction to Threat Modeling

  • Key concepts
  • Assets
  • Threats
  • Vulnerabilities

Designing Security

  • Trust boundaries
  • Attach Surfaces
  • Top 10 Design Flaws

Structured Approaches

  • STRIDE Model
  • Conrucopia

Threat Modelling Process

  • Actors
  • Workshops
  • Data Flow Diagrams
  • Mitigations
  • Risks

Format: The course combines theory and hands-on practical exercises. The participants start with an introduction to Threat Modelling. They are then given an overview of key considerations in designing security. This provides context from which to look at two of the most respected and adopted approaches – STRIDE and Cornucopia. Hands-on exercises are used to understand the process for Threat Modelling, using examples and applying the theory to practical scenario.

Duration: 1 day (8 hours)

Attendee Profile

The course is designed for professionals who are involved in the development, testing and/or management of web applications such as:

  • Development Managers
  • Business Analysts
  • Application Developers
  • Information Security professionals
  • System Architects
  • Systems Auditors
  • Course materials (accessible in electronic format)
  • Virtual image containing all tools used
  • TM Cards
  • Threat Modeling Manual
  • Certificate of Participation (CPE Points)
Related Training