- B2B web and mobile applications, sharing the same REST back-end
- An IoT deployment with a gateway and a cloud-based update service
- OAuth scenarios for an HR application
- Privacy of a new face recognition system in an airport
- Get into the defenders’ head, attacking a nuclear facility

2 Days

(Online and onsite)

Price Upon Request
Day 1
- Threat modelling introduction
- Threat modelling in a secure development lifecycle
- What is threat modelling?
- Why perform threat modelling?
- Threat modelling stages
- Different threat modelling methodologies
- Document a threat model
- Diagrams – what are you building?
- Understanding context
- Doomsday scenarios
- Data flow diagrams
- Trust boundaries
- Sequence and state diagrams
- Advanced diagrams
- Hands-on: diagram B2B web and mobile applications, sharing the same REST backend
- Identifying threats – what can go wrong?
- STRIDE introduction
- Spoofing threats
- Tampering threats
- Repudiation threats
- Information disclosure threats
- Denial of service threats
- Elevation of privilege threats
- Attack trees
- Attack libraries
- Hands-on: STRIDE analysis of an Internet of Things (IoT) deployment with an on-premise gateway and secure update service
Day 2
- Addressing each threat
- Mitigation patterns
- Authentication: mitigating spoofing
- Integrity: mitigating tampering
- Non-repudiation: mitigating repudiation
- Confidentiality: mitigating information disclosure
- Availability: mitigating denial of service
- Authorization: mitigating elevation of privilege
- Specialist mitigations
- Hands-on: threat mitigations for OAuth scenarios for web and mobile applications
Threat modeling is a crucial technique to assure more secure software and systems. The OWASP Application Threat Modeling training will provide our students with the know-how, templates, and exercises to start threat modeling themselves. Key takeaways are:
- becoming a better (security) professional
- understanding the process and technique of threat modeling
- knowing when and how to introduce and improve threat modeling
Students should have basic knowledge of web and mobile applications, databases, and single sign-on (SSO) principles.