Threat Modeling Fundamentals

Course Summary

The Threat Modeling Fundamentals training course is designed to help students understand threat modeling, its approaches, tools, and benefits.

The course begins with an overview of threat modeling and threat modeling approaches, then provides an overview of various threat modeling tools such as OWASP and PASTA. Next, the course covers threat modeling in practice. The course concludes with a look at incremental threat modeling and how one can integrate threat modeling into the software development lifecycle.

Students will review case studies and participate in several exercises to solidify their understanding.

Purpose: Learn about threat modeling, approaches, tools and benefits.
Audience: Students who need a foundation on how to identify potential risks and threats.
Role: Software Developer - Technical Manager - Web Developer
Skill Level: Introduction
Style: Learning Spikes - Workshops
Duration: 2 Days
Related Technologies: Secure Coding Training | Threat Modeling

Productivity Objectives
  • Explain threat modeling and approaches to threat modeling
  • Compare various threat modeling tools
  • Evaluate incremental threat modeling
  • Integrate threat modeling into SDLC

What You'll Learn:

In the Threat Modeling Fundamentals training course, you'll learn:
  • Introduction
    • What is Threat Modeling
    • Why Threat Model?
    • What Should a Threat Model Contain?
    • Who (and When) Should Engage in Threat Modeling?
    • Where Should We Put Our Threat Model?
  • Threat Modeling Approaches
    • Attacker-Centric, i.e., Think Like an Attacker!
    • Asset-Centric, i.e., What Do We Have to Lose?
    • Application-Centric, i.e., What are We Building (and Testing)?
  • Threat Modeling Tools
    • OWASP Threat Dragon
    • PASTA: Process for Attack Simulation and Threat Analysis
    • OCTAVE: Operationally Critical Threat, Asset, and Vulnerability Evaluation
    • VAST: Visual, Agile, and Simple Threat Modeling
    • STRIDE: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege
    • Trike: Using Threat Models as a Risk-Management Tool
  • Practical Threat Modeling
    • Identifying the Scope
    • Data-Flow Diagramming
    • Swim-Lane Diagramming
    • State Machines
    • Target Analysis
    • Identifying and Documenting Threats
    • Rating Threats
    • Mitigating Threats
  • Incremental Threat Modeling
  • Integrating Threat Modeling into the Software Development Lifecycle

“I appreciated the instructor's technique of writing live code examples rather than using fixed slide decks to present the material.”

VMware
