Threat Modeling Fundamentals

The Threat Modeling Fundamentals training course is designed to help students understand threat modeling, its approaches, tools, and benefits. The course begins with an overview of threat modeling and threat modeling approaches, then provides an overview of various threat modeling tools such as OWASP and PASTA. Next, the course covers threat modeling in practice, and the course concludes with a look at incremental threat modeling and how one can integrate threat modeling into the software development lifecycle. Along the way, students will review case studies and participate in several exercises to solidify their understanding.

Course Summary

Purpose: 
To teach students threat modeling, approaches, tools and benefits.
Audience: 
Students needing a foundation on how to identify potential risks and threats
Skill Level: 
Learning Style: 

Workshops are instructor-led lab-intensives focused on the practical application of technologies through the facilitation of a project-related lab. Workshops are just the opposite of Seminars. They deliver the highest level of knowledge transfer of any format. Think wide (breadth) and deep (depth).

Workshop help
Duration: 
2 Days
Productivity Objectives: 
  • Explain threat modeling and approaches to threat modeling
  • Compare various threat modeling tools
  • Evaluate incremental threat modeling
  • Integrate threat modeling into SDLC

What You'll Learn

In the Threat Modeling Fundamentals training course you’ll learn:

  • Introduction: What is Threat Modeling
  • Why Threat Model?
  • What Should a Threat Model Contain?
  • Who (and When) Should Engage in Threat Modeling?
  • Where Should We Put Our Threat Model?
  • Threat Modeling Approaches
    • Attacker-Centric, i.e., Think Like an Attacker!
    • Asset-Centric, i.e., What Do We Have to Lose?
    • Application-Centric, i.e., What are We Building (and Testing)?
  • Threat Modeling Tools
    • OSWASP Threat Dragon
    • PASTA–Process for Attack Simulation and Threat Analysis
    • OCTAVE– Operationally Critical Threat, Asset, and Vulnerability Evaluation
    • VAST–Visual, Agile, and Simple Threat Modeling
    • STRIDE–Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege
    • Trike–Using Threat Models as a Risk-Management Tool
  • Practical Threat Modeling
    • Identifying the Scope
    • Data-Flow Diagramming
    • Swim-Lane Diagramming
    • State Machines
    • Target Analysis
    • Identifying and Documenting Threats
    • Rating Threats
    • Mitigating Threats
  • Incremental Threat Modeling
  • Integrating Threat Modeling into the Software Development Lifecycle

Get Custom Training Quote

We'll work with you to design a custom Threat Modeling Fundamentals training program that meets your specific needs. A 100% guaranteed plan that works for you, your team, and your budget.

Learn More

Chat with one of our Program Managers from our Boulder, Colorado office to discuss various training options.

DevelopIntelligence has been in the technical/software development learning and training industry for nearly 20 years. We’ve provided learning solutions to more than 48,000 engineers, across 220 organizations worldwide.

About Develop Intelligence
Di Clients
Need help finding the right learning solution?   Call us: 877-629-5631