ENG 801: Effective Threat Modeling

Live Training English
Duration: 1/2 day to 1 day | Course is offered in English

Course Overview

This course introduces the technique of threat modeling, its primary goals, and its role within software development. Once you are familiar with the concepts behind threat modeling, the entire threat modeling process is demonstrated – giving you the knowledge you need to apply threat modeling to your own products and design/develop more secure code.

Upon completion of this course, participants will be able to:

  • Identify the goals of threat modeling
  • Understand the importance of early lifecycle security best practices such as threat modeling
  • Identify the roles and responsibilities involved in the threat modeling process
  • Use Threat Modeling to accurately identify, mitigate, and validate threats
  • Leverage various tools to assist in threat modeling
  • Create a threat model of your software

Modules Covered

Defining Threat Modeling

This module presents detailed information that will allow participants to understand the importance of threat modeling to mitigate risk, and quickly gain an understanding of how to approach building threat models of their software. Upon completion of this course, participants will be able to:

  • Identify the goals of threat modeling
  • Recognize the relationship between threat modeling and the Software Development Lifecycle (SDLC)
  • Identify the roles involved in the threat modeling process
  • Understand what and when to threat model

Applying the Threat Modeling Process

This module describes in detail the threat modeling process and procedures to follow in order to apply each step. It includes a lab to help participants apply what they've learned in a real-world scenario. After completing this module, participants will be able to:

  • Describe the application using diagrams
  • Identify threat types by using STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege)
  • Identify appropriate mitigation techniques
  • Recognize the role of the threat model document
  • Understand the various threat modeling tools available to you

Optional: Advanced Threat Modeling 1/2 Day

If desired, we can add another half-day of training that provides more in-depth coverage of threat modeling principles and allows participants to conduct an actual threat modeling exercise on a software product of their choice.