Threat Modelling Workshop

  • 1 Day
  • Intermediate
  • Virtual | Classroom
  • £ On Request

Learn how to identify and protect your applications from common vulnerabilities and attacks with this 1-day comprehensive, hands-on threat modelling workshop. Delivered by an expert in modern application security.


Overview

Threat modelling is the process of identifying and finding solutions to security threats and vulnerabilities in your software. It is a fundamental working practice for the modern software development team, one that enables teams to better reason about and protect their software systems from attack.

In this course, attendees will learn the ins and outs of threat modelling, covering the tools and techniques used to identify, categorise and mitigate potential threats. It is a highly practical course where participants will learn how to run an actual threat modelling workshop, working as a team to produce effective lists of threats and mitigations.

Objectives

  • Learn how to conduct a threat risk modelling workshop, working as a team
  • How to create Data Flow Diagrams to visualise application flows and potential attack points
  • Build a consistent language for categorising threats (STRIDE) and framing security discussions

Outline

Setting the Scene

  • Why does security matter?
  • Examples of successful compromises
  • The frequency and severity of attacks
  • Cataloguing your data and how it is stored
  • Data Protection and Compliance Requirements

Introduction to Threat Modelling

  • Advantages of performing threat modelling
  • Understanding threat categories and STRIDE
  • How threat modelling is used to define and understand application flaws
  • Identifying critical paths in your application through data flow diagrams
  • Driving effective testing through your threat model

Running Threat Model Workshops

  • Practical tools for running a collaborative threat modelling workshop
  • How to produce meaningful lists of threats and mitigations through incremental and speedy threat modelling
  • How to create Data Flow Diagrams to visualise critical paths in your application
  • Presenting and discussing actual outputs from a threat modelling session

About The Trainer

Simon Whittaker has been providing security services & training to both local organisations and some of the world’s largest companies for over 10 years.

Simon’s background in both development & System/Network Administration provides a great view on how best to compromise and secure required services & applications while also ensuring that training courses, content & practicals can be aimed at the right audiences.

Most of Simon’s work involves working with companies to test and improve secure coding practices, penetration & security testing and providing security consultancy to companies that are keen to improve their processes & procedures.

Simon also has great experience in developing & implementing efficient and effective practices across departments to assist with securing and retaining external quality recognition such as ISO27001.

Requirements

This workshop is suitable for anyone working in software development: engineers, designers, business analysts, QA, etc. All will benefit from attending this course, ideally as a team.

Attendees should have at least 6 months' industry experience to get the most out of this workshop. It is a highly practical workshop with at least 80% of your time spent modelling and working collaboratively in groups.

Simon Whittaker

Helps companies and developers protect their software from the bad guys.

For a breakdown of what to expect in our training, check out our training overview page.

Great course, great materials, good exercises. Simon is a really great teacher. Have picked up some helpful hints on what to look out for. The threat modelling exercise was worthwhile. I think all employees should do this course.

This was a very detailed and interesting course that has covered a number of topics which were interactive and easy to follow. Simon was a great teacher who has explained everything really well and was very approachable. Thank you for your time and effort.

Hugely interesting course and eye-opening to understand all the vulnerabilities that exist. Even though we have security reps within the company this would make you think there is a need for specially trained staff whose sole focus is that.
