• Cisco Training Courses

    Insoft has been serving IT community with official Cisco training offering since 2010. Find all the relevant information on Cisco training on this page.

    View More

    Cisco Certifications

    Experience a blended learning approach that combines the best of instructor-led training and self-paced e-learning to help you prepare for your certification exam.

    View More

    Cisco Learning Credits

    Cisco Learning Credits (CLCs) are prepaid training vouchers redeemed directly with Cisco that make planning for your success easier when purchasing Cisco products and services.

    Have CLCs and want to redeem them?

    Cisco Continuing Education

    The Cisco Continuing Education Program offers all active certification holders flexible options to recertify by completing a variety of eligible training items.

    View More

    Cisco Digital Learning

    Certified employees are VALUED assets. Explore Cisco official Digital Learning Library to educate yourself through recorded sessions.

    Browse CDLL Catalogue

    Cisco Business Enablement

    The Cisco Business Enablement Partner Program focuses on sharpening the business skills of Cisco Channel Partners and customers.

    View More

    Fortinet Technical Certifications

    The Fortinet Network Security Expert (NSE) program is an eight-level training and certification program to teach engineers of their network security for Fortinet FW skills and experience.

    View More

    Fortinet Technical Courses

    Insoft is recognised as Fortinet Authorized Training Center in selected locations across EMEA.

    View More

    Official ATC Status

    Check our ATC Status across selected countries in Europe.

    View More

    Fortinet Services Packages

    Insoft Services has developed a specific solution to streamline and simplify the process of installing or migrating to Fortinet Products.

    Browse Packages

    Prepforce Bootcamp

    The only comprehensive source available today to prepare for Fortinet NSE 8 certification globally.

    View More

    Microsoft Training

    Insoft Services provides Microsoft training in EMEAR. We offer Microsoft technical training and certification courses that are led by world-class instructors.

    View More

    Technical Training

    The evolution of Extreme Networks Technical Training provides a comprehensive progressive pathway from Associate to Professional accreditation.

    View More

    ATP Accreditation

    As an authorised training partner (ATP), Insoft Services ensures that you receive the highest standards of education available.

    View More

     

    In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

    View More

     

    Our Mission: Provide an expert set of modern & leading edge Network Automation skills to the market through professional services.

    View More

     

    In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

    View More

     

    In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

    View More

     

    In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

    View More

     

    In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

    View More

     

    We help organisations to deploy Software-Defined Networking (SDN) solutions, such as Cisco DNA. Besides, our team has extensive experience in integrating Cisco DNA Center with third-party systems.

    View More

     

    In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

    View More

    About Us

    Our training portfolio includes a wide range of IT training from IP providers, including Cisco, Extreme Networks, Fortinet, Microsoft, to name a few, in EMEA.

    View More

    OWASP Application Threat Modeling

    X

    Contact Us

    We would love to hear from you. Please complete this form to pre-book or request further information about our delivery options.

    Subscribe

    I'd like to receive emails with the latest updates and promotions from Insoft.

    Data Protection & Privacy

    I hereby allow Insoft Ltd. to contact me on this topic. Further, I authorise Insoft Ltd. processing, using collecting and storing my personal data for the purpose of these activities. All your data will be protected and secured as outlined in our privacy policy.


    OWASP Application Threat Modeling

    Enroll Now
    Duration
    2 Days
    Delivery
    (Online and onsite)
    Price
    Price Upon Request
    As skilled and experienced professionals we know that there is a gap between academic knowledge of threat modeling and the real world. To close that gap, we developed practical use cases, based on real-world projects. Each use case includes a description of the environment, together with questions and templates to build a threat model. Using the OWASP Application Threat Modeling methodology, we provide our students with the best training possible and the templates to incorporate threat modeling best practices in their daily work. Students will be challenged in groups of 3 to 4 people to perform the different stages of threat modeling on:
    • B2B web and mobile applications, sharing the same REST back-end
    • An IoT deployment with a gateway and a cloud-based update service
    • OAuth scenarios for an HR application
    • Privacy of a new face recognition system in an airport
    • Get into the defenders’ head, attacking a nuclear facility
      See other courses available

    Day 1

    • Threat modelling introduction
    • Threat modelling in a secure development lifecycle
    • What is threat modelling?
    • Why perform threat modelling?
    • Threat modelling stages
    • Different threat modelling methodologies
    • Document a threat model
    • Diagrams –what are you building?
    • Understanding context
    • Doomsday scenarios
    • Data flow diagrams
    • Trust boundaries
    • Sequence and state diagrams
    • Advanced diagrams
    • Hands-on: diagram B2B web and mobile applications, sharing the same REST backend
    • Identifying threats –what can go wrong?
    • STRIDE introduction
    • Spoofing threats
    • Tampering threats
    • Repudiation threats
    • Information disclosure threats
    • Denial of service threats
    • Elevation of privilege threats
    • Attack trees
    • Attack libraries
    • Hands-on: STRIDE analysis of an Internet of Things (IoT) deployment with an on-premise gateway and secure update service

    Day 2

    • Addressing each threat
    • Mitigation patterns
    • Authentication: mitigating spoofing
    • Integrity: mitigating tampering
    • Non-repudiation: mitigating repudiation
    • Confidentiality: mitigating information disclosure
    • Availability: mitigating denial of service
    • Authorization: mitigating elevation of privilege
    • Specialist mitigations
    • Hands-on: threat mitigations OAuth scenarios for web and mobile applications

    Threat modeling is a crucial technique to assure more secure software and systems. The OWASP Application Threat Modeling training will provide our students with the know-how, templates, and exercises to start threat modeling themselves. Key takeaways are:

    • becoming a better (security) professional
    • understanding the process and technique of threat modeling
    • knowing when and how to introduce and improve threat modeling

    Students should be familiar with basic knowledge of web and mobile applications, databases & Single sign-on (SSO) principles

    Overview

    As skilled and experienced professionals we know that there is a gap between academic knowledge of threat modeling and the real world. To close that gap, we developed practical use cases, based on real-world projects. Each use case includes a description of the environment, together with questions and templates to build a threat model. Using the OWASP Application Threat Modeling methodology, we provide our students with the best training possible and the templates to incorporate threat modeling best practices in their daily work. Students will be challenged in groups of 3 to 4 people to perform the different stages of threat modeling on:
    • B2B web and mobile applications, sharing the same REST back-end
    • An IoT deployment with a gateway and a cloud-based update service
    • OAuth scenarios for an HR application
    • Privacy of a new face recognition system in an airport
    • Get into the defenders’ head, attacking a nuclear facility
      See other courses available

    Day 1

    • Threat modelling introduction
    • Threat modelling in a secure development lifecycle
    • What is threat modelling?
    • Why perform threat modelling?
    • Threat modelling stages
    • Different threat modelling methodologies
    • Document a threat model
    • Diagrams –what are you building?
    • Understanding context
    • Doomsday scenarios
    • Data flow diagrams
    • Trust boundaries
    • Sequence and state diagrams
    • Advanced diagrams
    • Hands-on: diagram B2B web and mobile applications, sharing the same REST backend
    • Identifying threats –what can go wrong?
    • STRIDE introduction
    • Spoofing threats
    • Tampering threats
    • Repudiation threats
    • Information disclosure threats
    • Denial of service threats
    • Elevation of privilege threats
    • Attack trees
    • Attack libraries
    • Hands-on: STRIDE analysis of an Internet of Things (IoT) deployment with an on-premise gateway and secure update service

    Day 2

    • Addressing each threat
    • Mitigation patterns
    • Authentication: mitigating spoofing
    • Integrity: mitigating tampering
    • Non-repudiation: mitigating repudiation
    • Confidentiality: mitigating information disclosure
    • Availability: mitigating denial of service
    • Authorization: mitigating elevation of privilege
    • Specialist mitigations
    • Hands-on: threat mitigations OAuth scenarios for web and mobile applications

    Threat modeling is a crucial technique to assure more secure software and systems. The OWASP Application Threat Modeling training will provide our students with the know-how, templates, and exercises to start threat modeling themselves. Key takeaways are:

    • becoming a better (security) professional
    • understanding the process and technique of threat modeling
    • knowing when and how to introduce and improve threat modeling

    Students should be familiar with basic knowledge of web and mobile applications, databases & Single sign-on (SSO) principles

      Upcoming Dates
    • ` Feb 6 - Feb 7, 2023
    • ` Mar 6 - Mar 7, 2023
    • ` Apr 3 - Apr 4, 2023
    • ` May 1 - May 2, 2023
    • ` May 29 - May 30, 2023
    • ` Jun 26 - Jun 27, 2023
    Filter

    Follow Up Courses

    Filter