Building Secure Software

Threat Model Express

Course Learning Objectives

  • Understand the benefits of a traditional threat model vs. a threat model express exercise
  • Engage in asking valuable questions that will effectively identify potential threats within an application
  • Learn who should be involved in a Threat Model Express exercise and how to apply the model within your organization
  • Engage in a Threat Model Express exercise given a scenario

Description

Students will learn about the attacks that their applications may face and then an informal approach to threat modeling. They will first learn the steps in executing a Threat Model Express, and then they will engage in a guided fictional exercise.

Audience

Application developers / Application architects / Security professionals

Time Required

Tailored learning - 60 minutes total

Course Outline

  1. Module 1 – Threat model express
    • What is Threat Modeling?
    • Traditional vs. Express
    • Goals of the Threat Model
    • Importance of Scope
    • TME Process
    • What kinds of information to gather
    • Sources to gather information from
    • Finding more about the application
    • Distilling an application
    • Developing data flow diagrams
    • Asking the right questions
    • Who to invite
    • Roles of the participants
  2. Module 2 – Performing a TME session
    • Determining threats
    • STRIDE
    • Attacker motivations
    • Establishing threats
    • Determining risks
    • Factors of impact
    • Impact rating
    • Factors of likelihood
    • Likelihood rating
    • Risk ranking
    • Countermeasures
    • What’s next?
  3. + Expand Course Outline

$200.00 *prices shown in USD Add to Cart or Subscribe your team