Threat Modelling Workshop Course

Overview

Threat modelling is the process of identifying and finding solutions to security threats and vulnerabilities in your software. It is a fundamental working practice of the modern software development team, one that enables teams to better reason about and protect their software systems from attack.

In this course, attendees will learn the ins and outs of threat modelling, covering the tools and techniques used to identify, categorise and mitigate potential threats. It is a highly practical course where participants will learn how to run an actual threat modelling workshop, working as a team to produce effective lists of threats and mitigations.

Objectives

Learn how to conduct a threat risk modelling workshop, working as a team
How to create Data Flow Diagrams to visualise application flows and potential attack points
Build a consistent language for categorising threats (STRIDE) and framing security discussions

Outline

Setting the Scene

Why does security matter?
Examples of successful compromises
The frequency and severity of attacks
Cataloguing your data and how it is stored
Data Protection and Compliance Requirements

Introduction to Threat Modelling

Advantages of performing threat modelling
Understanding threat categories and STRIDE
How threat modelling is used to define and understand application flaws
Identifying critical paths in your application through data flow diagrams
Driving effective testing through your threat model.

Running Threat Model Workshops

Practical tools for running a collaborative threat modelling workshop
How to produce meaningful lists of threats and mitigations through incremental and speedy threat modelling.
How to create Data Flow Diagrams to visualise critical paths in your application
Presenting and discussing actual outputs from a threat modelling session

Requirements

This workshop is suitable for anyone working in a software development, engineers, designers, business analysts, QA, etc. - all will benefit from attending this course, ideally as a team.

Attendees should have at least 6 months of industry experience to get the most out of this workshop. It is a highly practical workshop with at least 80% of your time spent modelling and working collaboratively in groups.

COURSE

Threat Modelling Workshop

Identify and protect your applications from common vulnerabilities and attacks with this expert-led 1-day threat modelling workshop.

1 Day
Intermediate
In-person / Online
£ On Request

Book for my team

“Great Course”

Great Course, content was really interesting and the trainer did a great job taking us through it.

“Learned a lot in a short time”

Great training course. A good mixture of theory and practicals, learned a lot in a short time. Thanks to the trainer!

“A great amount of hands on work that was quite fun”

Great coverage of theory as well as a great amount of hands on work that was quite fun. Contribution was also very encouraged.

Related Courses

All Levels

Engineering Best Practices

Intermediate

Capture the Flag

All Levels

Security by Design

View All Courses