OWASP AppSec DC 2012/Training/Practical Threat Modeling

Revision as of 20:41, 17 January 2012 by Mark.bristow (Talk | contribs)



Course Length: 1 Day

Threat modeling is gaining traction as a fundamental application security activity. In this class students learn about the attacks that their applications may face and then both formal and informal approaches to threat modeling. Using a fictional scenario, students perform all the activities of a threat model on a complex application, including analyzing design documents and role-playing interviews. Students learn about the industry standard formal threat modeling process as well as Facilitated Application Threat Modeling: a 1-day approach to threat modeling pioneered by Security Compass. Students will also be taught about Security Compass's unique source-code/design-pattern level threat modeling.

Student Requirements

Laptop Required: Students Need to Bring:


Audience: Developers, architects, tech leads, information security analysts who perform application penetration testing and/or source code review

Skill Level: Basic

Understand attacks that hackers use to break into web applications

Create threat models for complex multi-tiered applications

Prioritize risk of attacks for an application based on potential threats

Apply security analysis to design and architecture of an application


Oliver Ng
