Threat modeling is the primary security analysis task performed during the software design stage. Threat modeling is a structured activity for identifying and evaluating application threats and vulnerabilities. The security objectives, threats, and attacks modeling activities during the threat modeling are designed to help you find vulnerabilities in your application and the supporting architecture. You can use the identified vulnerabilities to help shape your design and direct and scope your security testing. For this training we will teach an iterative and incremental threat modeling method that is integrated in the development and deployment pipeline.
Threat modeling allows you to consider, identify, and discuss the security implications of user stories in the context of their planned operational environment and in a structured fashion. It also allows consideration of security issues at the component or application level. The threat modeling course will teach you to perform threat modeling through a series of workshops, where our trainer will guide you through the different stages of a practical threat model based on an AWS and microservices migration from a classical web application.
As highly skilled professionals with years of experience under our belts we know that there is a gap between academic knowledge of threat modeling and the real world.
In order to minimise that gap we have developed practical Use Cases, based on real life projects. Each use case includes a description of the environment, together with questions and templates to build and iteratively improve a threat model. Using this methodology for the hands-on workshops we provide our students with a robust training experience and the templates to incorporate threat modeling best practices in their daily DevOps work.
The students will be challenged to perform practical threat modeling in squads of 3 to 4 people covering the different stages of threat modeling on an incremental business driven CI/CD scenario:
After each hands-on workshop, the results are discussed, and the students receive a documented solution.
This course is aimed at anyone who is trying to embed security as part of agile/cloud/DevOps environments like Security Professionals, Penetration Testers, Red Teamers, IT managers, Developers and DevOps Engineers.
Before attending this course, students should be familiar with basic knowledge of microservices, cloud architectures and AWS. The students should bring their own laptop to the course.
|Threat modeling introduction for DevOps|
|Diagrams – what are you building?|
|Hands-on: diagram B2B web and mobile applications|
|Identifying threats – what can go wrong?|
|Hands-on: Threat identification as part of migrating to AWS|
|Addressing each threat|
|Hands-on: AWS threat mitigations for microservices|
|Practical threat modeling as part of the DevOps pipeline|
|Hands-on: Building an attack library for CI/CD pipelines|
|Threat modeling resources|
|Threat modeling tools as part of the DevOps toolchain|
Please complete your registration on Eventbrite by selecting the ticket ‘Whiteboard hacking for DevOps Engineers + Regular 2-Day Pass ‘Register now
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.