As skilled and experienced professionals we know that there is a gap between academic knowledge of threat modeling and the real world. To close that gap, we developed practical use cases, based on real-world projects. Each use case includes a description of the environment, together with questions and templates to build a threat model. Using the OWASP Application Threat Modeling methodology, we provide our students with the best training possible and the templates to incorporate threat modeling best practices in their daily work.
Students will be challenged in groups of 3 to 4 people to perform the different stages of threat modeling on:
- B2B web and mobile applications, sharing the same REST back-end
- An IoT deployment with a gateway and a cloud-based update service
- OAuth scenarios for an HR application
- Privacy of a new face recognition system in an airport
- Get into the defenders’ head, attacking a nuclear facility