Threat Modelling for Developers training course

A "World Class" course - Learn how to identify Vulnerabilities and tackle them with Threat Models.

JBI training course London UK

"The topics (threat modelling frameworks, zones of trust, annotating your own diagrams, implementing security into Agile practices) were all well-chosen and appropriate. I particularly like to learn about the theory of applying security practices into Agile workflow.

The instructor was excellent. Great communicator, warm, affable personality"

GL, Software Engineer, Threat Modelling, February 2021

  • Gain an overview of secure SDLC and understand how threat modelling fits in
  • Understand where and how Agile architecture fits in
  • Gain an introduction to several common security classification systems
  • Define elements of software that are security concerns
  • Explore threat model types
  • Learn about the traditional threat model process
  • Discover dependencies
  • Understand the Rapid Threat Model Prototyping (RTMP) process
  • Apply Zones of Trust and use Zone rules to find threats
  • Understand how to quickly classify threats
  • Learn mitigation analysis
  • Integrate RTMP in an Agile/DevOps process
  • Convert risks into backlog items
  • Learn validation and triaging of threats
  • Explore threat modelling of an internal system
  • Identify vulnerabilities and tackle them with threat models
  • Discover the relationship between threats and the MITRE ATT&CK framework
  • Build the ability to use key parts of the Common Weakness Enumeration (CWE), OWASP Top 10 (OT10) and STRIDE in finding threats and mitigations
  • Learn how to integrate the secure aspects of the AWS and Azure Well-Architected frameworks into a threat model

Overview

• The course is aimed at security subject-matter experts, technical non-security professionals who have little or no experience of threat modelling (e.g. software devs, architects and engineers) and technically-oriented project leaders.

• The purpose of the course is to introduce the concept of threat modelling and to enable participants to complete a basic threat model using the Rapid Threat Model Prototyping methodology.

• By the end of the course, the class will understand threats, mitigations and risk rankings and will be able to use basic threat modelling techniques to drastically improve the secure design of software.

• The course will enable participants to integrate RTMP into any software development process.

Threat modelling 101

• Overview of secure SDLC

• How Threat Modelling fits into a secure SDLC

• How Agile Architecture fits in

• Introduction to several common security classification systems

• What are STRIDE and OWASP Top 10

• Mini Lab - mapping system relationships

• Defining elements of software that are security concerns

• Threat Model types

• Traditional threat model process and its shortcomings

• The importance of context diagrams to threat modelling and reusing existing software designs

• Dependencies

• Mini Lab - discovering dependencies    

Rapid Threat Model Prototyping 201

• Pareto Rule (80/20 ratio) and use in secure software development

• Introduction to the Rapid Threat Model Prototyping methodology

• Elements of a threat model

• How to integrate RTMP in an Agile/DevOps process

• Zones of Trust and using Zone rules to find threats

• Adding Zone and threat metadata to a software diagram

• Mini Lab - applying Zone rules

• Mitigation analysis

• Mini Lab - discovering mitigations

• Validation and triaging of results in an Agile/DevOps process

• Lab – full threat model of an internal system    

Rapid Threat Model Prototyping 301

• How to convert risks into backlog items that are prioritised accordingly (e.g. into Jira, MS DevOps or similar workflow systems)

• Examples and open discussion of real-world threat models that you bring, starting with simple systems and building up to more complicated systems

• How to use RTMP to quickly highlight flows, processes, etc. that are high risk

• Advanced techniques using calculation of the RTMP elements. Formulae are outlined and broken down for comprehension.

• Discussion around how to implement a good security champion program to drive deep adoption of Rapid Threat Model Prototyping across the software development lifecycle.

• Use of RTMP in other parts of a business.

4.8 out of 5 average