|

Date : TBC

Training Format & Duration
  • Live Online / On-Site / Private Team Training
  • 1 day (8 hours)
Do you have 5 or more attendees?

Official Training Partner

Security must be an integral part of the development process and consider risks in a focused and efficient way. Including threat modeling in the application life cycle ensures that applications are developed with security built-in from inception.

 |

Date : TBC

Do you have 5 or more attendees?
Contact Us about Team Training >>
bkg-decorativelines-big-white

Next Scheduled Course

Next Scheduled Course

No items found.

About this course

About this course

Why this course?

Objectives

This Threat Modeling course provides attendees with the knowledge required to identify, quantify, and address the security risks associated with an application – at the design stage of the SDLC. Through a combination of theory review and a strong emphasis on practical exercises, participants will learn how to:

  • Integrate threat modelling into the application development life cycle
  • Apply threat modelling for the early detection and prioritising of threats
  • Design actionable solutions to protect or recover

The Threat Modeling course is a comprehensive and strategic overview of threat modeling techniques such as STRIDE.

For additional Web application security training please see Related Training at the end of this page.

Overview

The topics covered include:

Introduction to Threat Modeling

  • Key concepts
  • Assets
  • Threats
  • Vulnerabilities

Designing Security

  • Trust boundaries
  • Attach Surfaces
  • Top 10 Design Flaws

Structured Approaches

  • STRIDE Model
  • Conrucopia

Threat Modelling Process

  • Actors
  • Workshops
  • Data Flow Diagrams
  • Mitigations
  • Risks

Format: The course combines theory and hands-on practical exercises. The participants start with an introduction to Threat Modelling. They are then given an overview of key considerations in designing security. This provides context from which to look at two of the most respected and adopted approaches – STRIDE and Cornucopia. Hands-on exercises are used to understand the process for Threat Modelling, using examples and applying the theory to practical scenario.

Duration: 1 day (8 hours)

Attendee Profile

The course is designed for professionals who are involved in the development, testing and/or management of web applications such as:

  • Development Managers
  • Business Analysts
  • Application Developers
  • Information Security professionals
  • System Architects
  • Systems Auditors

Attendee Testimonials

Benefits

What is included?

  • 25.5 hours of on-demand video
  • 13 downloadable resources
  • Lifetime access
  • Certificate of completion

Differentiators

  • 25.5 hours of on-demand video
  • 13 downloadable resources
  • Lifetime access
  • Certificate of completion

Recognition

Exam & Certifications

Materials

  • Course materials (accessible in electronic format)
  • Virtual image containing all tools used
  • TM Cards
  • Threat Modeling Manual
  • Certificate of Participation (CPE Points)
Proudly Certified for Excellence in Cybersecurity Training

ISC2 Official Training Partner

ISC2 Official Training Partner

As an ISC2 Official Training Partner, we provide access to world-class certifications such as CISSP®, CCSP®, and SSCP®, delivering training that aligns with the latest industry standards.

By partnering with ISC2, we ensure our clients stay ahead in the ever-evolving cybersecurity landscape, confidently equipped to protect critical data and infrastructure.

Cycubix-ISC2-Official-Training-Partner-logo

Team Training with Cycubix

Team Training with Cycubix

Get the best out of our trainings

Get the best out of our trainings

Instructors

The minds behind the course

The minds behind the course

Picture of Fabio Cerullo Cybersecurity Instructor

Fabio Cerullo

Senior Official ISC2 Authorised Instructor for CISSP, CCSP, CSSLP and SSCP

Fabio Cerullo is the Managing Director of Cycubix. He has extensive experience in understanding and addressing the challenges of cybersecurity from over two decades working in and with organisations across a diverse range of industries – from financial services to government departments, technology and manufacturing.

Fabio Cerullo is a Senior Authorised Instructor for ISC2,the global leader in information security education and certification. Fabio has delivered training to thousands of IT and security professionals world wide in cyber, cloud, and application security. As a member of ISC2 and OWASP organisations, Fabio helps individuals and organisations strengthen their application security posture and build fruitful relationships with governments, industry and educational institutions.

Fabio is a regular speaker and delivers training at events organised by leading Cybersecurity associations including OWASP and ISC2. He holds a Msc in Computer Engineering from UCA and the SSCP, CISSP, CSSLP & CCSP certifications from ISC2.

Show (Instructors)

The minds behind the course

The minds behind the course

Picture of Fabio Cerullo Cybersecurity Instructor

Fabio Cerullo

Fabio Cerullo is the Managing Director of Cycubix. He has extensive experience in understanding and addressing the challenges of cybersecurity from over two decades working in and with organisations across a diverse range of industries – from financial services to government departments, technology and manufacturing.

Fabio Cerullo is a Senior Authorised Instructor for ISC2,the global leader in information security education and certification. Fabio has delivered training to thousands of IT and security professionals world wide in cyber, cloud, and application security. As a member of ISC2 and OWASP organisations, Fabio helps individuals and organisations strengthen their application security posture and build fruitful relationships with governments, industry and educational institutions.

Fabio is a regular speaker and delivers training at events organised by leading Cybersecurity associations including OWASP and ISC2. He holds a Msc in Computer Engineering from UCA and the SSCP, CISSP, CSSLP & CCSP certifications from ISC2.