Agile Threat Modeling

Threat Modeling is considered an essential activity in the modern Software Development Lifecycle. It helps in identifying cybersecurity threats and possible vulnerabilities early on, to a point where, if done correctly, the security vulnerability never surfaces in a given environment or application. Most organizations do Threat Modeling for large systems, resulting in a “boil the ocean” effect, leading to ineffective Threat Analysis. Worse, this has no meaning or bearing on engineering and product teams that actually deliver these applications to customers.

This training focuses on delivering effective Threat Modeling in the Agile SDLC. It is an offensive security training that ​takes battle-tested threat modeling principles and methodologies and trains students on how they can implement an effective, yet efficient Threat Model in a time and resource constrained Agile (and DevOps) driven SDLC.

This Threat Modeling training is replete with the following:
  • Section-by-Section Case Studies and Group Exercises to encourage scenario-based learning

  • Games in the form of “Elevation-of-Privilege” game that makes threat modeling inclusive, collaborative and effective

  • Story-Driven Threat Modeling that focuses on iterative, feature-driven threat modeling that is more effective and efficient in the Agile SDLC, than full-system threat modeling


Key Takeaways


  • Threat Modeling Methodologies - Benefits and Demerits. Deep Understanding of Threat Modeling Practices and Concepts

  • Story-Driven Threat Modeling => How to achieve Threat Modeling per feature (iterative) in an Agile SDLC.

  •  Actionable Threat Modeling => How to Use Threat Modeling in applying security controls, test approaches and incident response

Session FAQ
  • AppSec Professionals
  • Information Security Managers
  • Pentesters
  • Chief Information Security Officers
  • DevSecOps Professionals
  • Attendees should have a basic understanding of Linux environment and know their way around the terminal.
  • A basic understanding of ‘OWASP TOP-10 Vulnerabilities’
  • Laptop or reasonably powerful tablet computing device
  • Ability to connect to Wifi networks and access the internet
  • Slides for the course
  • OSS toolkit for implementing all the labs discussed in the class
  • Lab Handouts

Subject matter experts from we45