Threat Modeling Training Course

Course Description

Penetration testing and secure code review can uncover many types of security issues in an application; however, there are gaps that simply cannot be found with these traditional analysis techniques. Discovering weaknesses in the design of a system is the specific goal of threat modeling. Organizations benefit from this software design analysis because it can be performed without code, uncovering potential vulnerabilities early in the development cycle.

This course details our threat modeling process and methodologies to teach students how to identify the assets, security controls, and threat agents for a given system. The course goes on to show how this information can be used to create a prioritized list of attacks and propose appropriate mitigations. First, system threat models are described and used to build a holistic view of the security posture of the system based on the application and its associated infrastructure. This is followed by closer analysis of component interaction using protocol/sequence/API threat models. The course is also supported by hands-on lab exercises that allow students to learn by working through the threat modeling process themselves.

Learning Objectives

After successfully completing this course, the student will be able to:

  • Describe the Cigital threat modeling process and methodology
  • Use Cigital’s threat modeling approach for analyzing applications and systems
    • Identify different types of threat models
    • Describe how to model the software for each type of threat model
    • Describe how to relate assets, security controls, and threat agents
    • Produce a report describing potential attacks and mitigations

Details

Delivery Format:

  • Traditional Classroom
  • Virtual Classroom

Duration: 8 hours

Level: Advanced

Intended Audience:

  • Architects
 
