ENG 301: How to Create an Application Security Threat Model
Building secure software begins with creating a threat model to understand the potential threats to an application. The threat modeling process starts by asking what an attacker’s goals might be, what information would be valuable to an attacker, and how would an attacker go about gaining access to that information? In this course, students will learn to identify the goals of threat modeling and the corresponding Software Development Lifecycle (SDLC) requirements, identify the roles and responsibilities involved in the threat modeling process, recognize when and what to threat model, and identify the tools that help with threat modeling.
Upon completion of this course, participants will be able to:
- Identify the goals of threat modeling and the corresponding SDL requirements
- Identify the roles and responsibilities involved in the threat modeling process
- Use the Threat Modeling process to accurately identify, mitigate, and validate threats
- Leverage various tools that help with threat modeling