Managing Risk with Threat Modeling
Threat Modeling is a key practice for organizations wanting to design and develop secure applications, as it helps to identify potential security vulnerabilities early in the process, when they are inexpensive to fix. This one-day course is designed for Security Professionals, Architects and Sr. Developers. It combines theory, practical examples, brainstorming sessions, quizzes and interactive lab exercises in which participants build a threat model and identify mitigation strategies for the threats they find, so that such vulnerabilities are not introduced. The course walks through the Threat Modeling process step by step so that students understand the value of Threat Modeling and can build threat models for their own systems.
Course Outline
- Understand what Threat Modeling is and various approaches to Threat Modeling
  - Asset Centric
  - Attacker Centric
  - Software Centric
- The SDLC process and the security touch-points in its various phases.
- Understand how to use Threat Modeling in application development.
- Building a threat model. How much do I diagram? What should I diagram?
- Think like an attacker
- Identify the various components of a threat model
- Who is an attacker?
- Attributes of an attacker
- Attributes of a threat
- Identifying Attack Surface
- Associating risk with a Threat
- Associating abuse cases with a use case
- Elements of an abuse case
- Building Attack Trees
- Threat Traceability Matrix
- Mapping threats to business requirements.
- Use QA to drive threat traceability?
- Dynamically changing threat risk
- How to mitigate after you have done threat modeling?
Duration – One day
Facility Requirement
- Projector
- Whiteboard
- Computer (Desktop/Laptop) with Windows and the Firefox browser
- Internet connection
Contact: sales@myappsecurity.com