Between academic knowledge of threat modeling and the real world. In order to minimize that gap, we have developed practical Use Cases, based on real-life projects. Each use case includes a description of the environment, together with questions and templates to build a threat model. Students will be challenged in groups of 3 to 4 people to perform the different stages of threat modeling on the following:
• B2B web and mobile applications, sharing the same REST backend
• An Internet of Things (IoT) deployment with an on-premise gateway and a cloud-based update service
• OAuth scenarios for an HR application
• Privacy of a new face recognition system in an airport
After each hands-on workshop, the results are discussed, and students receive a documented solution.
Upon completion attendees should know: Upon completion of this training, attendees will have a practical framework, tools and the first hands-on experience to start and improve threat modeling in their own organizations.
Students receive the following package as part of the course:
• Hand-outs of the presentations
• Worksheets of the use cases
• Detailed solution descriptions of the use cases
• Template to document a threat model
• Template to calculate risk levels of identified threats
• Certificate: following a successful exam (passing grade defined at 70%), the student will receive certification for successful completion of the course
Attendees should bring: The students should bring their own laptop or tablet to read and use the training handouts and exercise descriptions.
Attendees should know: This course is aimed at software developers, architects, system managers or security professionals. Before attending this course, students should have basic knowledge of web and mobile applications, databases and single sign-on (SSO) principles.