About the course
This Threat Modelling workshop equips participants with the knowledge and skills to proactively identify and mitigate security vulnerabilities in software and systems. You'll learn the core principles of Threat Modelling, its importance in the software development lifecycle, and how to "shift left" to address security early in the design phase.
Through practical exercises, you'll learn techniques like identifying assets, vulnerabilities, and threats, assessing risk, and applying the STRIDE methodology. The workshop emphasises preventing insecure design issues by incorporating security and privacy-related controls and secure design patterns.
Instructor-led online and in-house face-to-face options are available, either as part of a wider customised training programme or as a standalone workshop, on-site at your offices or at one of many flexible meeting spaces in the UK and around the world.
- Understand the principles and importance of Threat Modelling.
- Identify and document assets, vulnerabilities, and threats.
- Assess and prioritise risks using established methodologies.
- Apply the STRIDE methodology to identify common threat categories.
- Create Threat Models for software and systems.
- Prevent insecure design issues by applying security and privacy-related controls.
- Utilise secure design patterns for authentication, access control, and business logic.
- Integrate Threat Modelling with unit and integration testing.
- Effectively communicate security risks to stakeholders.
- Implement mitigation techniques to address identified threats.
This workshop is designed for:
- Software developers
- System architects
- Security engineers
- DevOps engineers
- Anyone involved in the software development lifecycle
To get the most out of this workshop, you should have:
- Basic understanding of software development processes.
- Familiarity with software design concepts.
- Some knowledge of common security vulnerabilities.
This Threat Modelling course is available for private / custom delivery for your team - as an in-house face-to-face workshop at your location of choice, or as online instructor-led training via MS Teams (or your own preferred platform).
Get in touch to find out how we can deliver tailored training which focuses on your project requirements and learning goals.
Introduction to Threat Modelling
What is it and why should we do it?
What do we mean by "Push left"?
Threat Modelling Values
Identifying & Recording the Threat Modelling Triumvirate
Assets
Vulnerabilities
Threats
What action can you take?
Risk
Prioritising & Assessing and Rating Risk
STRIDE
Creating a Threat Model
Team exercise
Preventing Insecure Design Issues
Security and Privacy-related controls
Secure Design Patterns
Authentication, Access control, Business logic, and Key Flows
Unit / Integration Testing
Further mitigation techniques
- OWASP Threat Modelling: https://owasp.org/www-community/Threat_Modeling - The OWASP Threat Modelling page, a valuable resource for information and tools.
- Microsoft Threat Modeling Tool: https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool - Information about Microsoft's free Threat Modelling tool.
- OWASP Application Security Verification Standard (ASVS): https://owasp.org/www-project-application-security-verification-standard/ - A standard for application security, useful in conjunction with Threat Modelling.
- UK National Cyber Security Centre (NCSC): https://www.ncsc.gov.uk/