Threat Modeling

Threat Modeling

About this course

Threat Modeling Training

Instructor:Fabio Cerullo
Next Scheduled Course:



Building applications that have the necessary level of security for an ever-changing threat landscape is critical and challenging. Security must be an integral part of the development process and consider risks in a focused and efficient way. Including threat modeling in the application life cycle ensures that applications are developed with security built-in from inception. It also avoids costly rework and minimizes implementation delays. Taking a structured approach for identifying applicable threats provides the organisation with a better understanding of the risks they face and effective countermeasures they need to mitigate any attack.

About this course


This Threat Modeling course provides attendees with the knowledge required to identify, quantify, and address the security risks associated with an application – at the design stage of the SDLC. Through a combination of theory review and a strong emphasis on practical exercises, participants will learn how to:

  • Integrate threat modelling into the application development life cycle
  • Apply threat modelling for the early detection and prioritising of threats
  • Design actionable solutions to protect or recover

The Threat Modeling course is a comprehensive and strategic overview of threat modeling techniques such as STRIDE.

For additional Web application security training please see the “Further Training” tab.


The topics covered include:

Introduction to Threat Modeling

  • Key concepts
  • Assets
  • Threats
  • Vulnerabilities

Designing Security

  • Trust boundaries
  • Attach Surfaces
  • Top 10 Design Flaws

Structured Approaches

  • STRIDE Model
  • Conrucopia

Threat Modelling Process

  • Actors
  • Workshops
  • Data Flow Diagrams
  • Mitigations
  • Risks

Format: The course combines theory and hands-on practical exercises. The participants start with an introduction to Threat Modelling. They are then given an overview of key considerations in designing security. This provides context from which to look at two of the most respected and adopted approaches – STRIDE and Cornucopia. Hands-on exercises are used to understand the process for Threat Modelling, using examples and applying the theory to practical scenario.

Duration: 1 day (8 hours)

Attendee Profile

The course is designed for professionals who are involved in the development, testing and/or management of web applications such as:

  • Development Managers
  • Business Analysts
  • Application Developers
  • Information Security professionals
  • System Architects
  • Systems Auditors
  • Course materials (accessible in electronic format)
  • Virtual image containing all tools used
  • TM Cards
  • Threat Modeling Manual
  • Certificate of Participation (CPE Points)
Related Training
  • The (ISC)² Certified Secure Software Lifecycle Professional (CSSLP) course is designed for professionals who demonstrate a globally recognised level of competence, as defined in a common body of knowledge, by assuring security throughout the software lifecycle. They incorporate security when planning, designing, developing, acquiring, testing, deploying, maintaining, and/or managing software to increase its trustworthiness.
  • The Web Application Security Essentials course is a comprehensive and strategic overview of web application security and does not focus on a specific programming language, although some knowledge of JavaScript, basic SQL and the HTTP protocol is recommended.
  • The Web Application Secure Coding in Java and Web Application Secure Coding in .Net courses are designed to instruct participants on best practice in secure coding using specific programming languages.

User registration

You don't have permission to register

Reset password