Overview
Threat modelling is the process of identifying security threats and vulnerabilities in your software and finding solutions to them. It is a fundamental working practice of the modern software development team, one that enables teams to better reason about and protect their software systems from attack.
In this course, attendees will learn the ins and outs of threat modelling, covering the tools and techniques used to identify, categorise and mitigate potential threats. It is a highly practical course where participants will learn how to run an actual threat modelling workshop, working as a team to produce effective lists of threats and mitigations.
Objectives
- Learn how to conduct a threat risk modelling workshop, working as a team
- Learn how to create Data Flow Diagrams to visualise application flows and potential attack points
- Build a consistent language for categorising threats (STRIDE) and framing security discussions
Outline
Setting the Scene
- Why does security matter?
- Examples of successful compromises
- The frequency and severity of attacks
- Cataloguing your data and how it is stored
- Data Protection and Compliance Requirements
Introduction to Threat Modelling
- Advantages of performing threat modelling
- Understanding threat categories and STRIDE
- How threat modelling is used to define and understand application flaws
- Identifying critical paths in your application through data flow diagrams
- Driving effective testing through your threat model
Running Threat Model Workshops
- Practical tools for running a collaborative threat modelling workshop
- How to produce meaningful lists of threats and mitigations through incremental and speedy threat modelling
- How to create Data Flow Diagrams to visualise critical paths in your application
- Presenting and discussing actual outputs from a threat modelling session
Requirements
This workshop is suitable for anyone working in software development: engineers, designers, business analysts, QA, etc. All will benefit from attending this course, ideally as a team.
Attendees should have at least 6 months of industry experience to get the most out of this workshop. It is a highly practical workshop with at least 80% of your time spent modelling and working collaboratively in groups.