OWASP AppSec DC 2012/Training/Practical Threat Modeling

Description
Course Length: 1 Day

Threat modeling is gaining traction as a fundamental application security activity. In this class students learn about the attacks that their applications may face and then both formal and informal approaches to threat modeling. Using a fictional scenario, students perform all the activities of a threat model on a complex application, including analyzing design documents and role-playing interviews. Students learn about the industry-standard formal threat modeling process as well as Facilitated Application Threat Modeling: a 1-day approach to threat modeling pioneered by Security Compass. Students will also be taught about Security Compass's unique source-code/design-pattern level threat modeling.

Student Requirements
Laptop Required: Students Need to Bring:

Objectives
Audience: Developers, architects, tech leads, information security analysts who perform application penetration testing and/or source code review
Skill Level: Basic

Understand attacks that hackers use to break into web applications
Create threat models for complex multi-tiered applications
Prioritize risk of attacks for an application based on potential threats
Apply security analysis to design and architecture of an application

Instructor
Oliver Ng