SecAppDev 2022 Workshop Details
Hands-on threat modeling
Sebastien Deleersnyder
Thursday June 16, 09:00 - 17:00
Abstract
This is a Threat Modeling course for DevOps Engineers to improve reliability and security of delivered software. We will teach an iterative and incremental threat modeling method.
You will perform threat modeling in 4 sprints. Exercises are built upon a fictional system, migrating a legacy system towards a cloud application:
- Modeling a hotel booking web and mobile application, sharing a REST backend
- Threat identification as part of migrating the system to AWS
- AWS threat mitigations for the booking system built on microservices
- Building an attack library for CI/CD pipelines
Topics
- Threat modeling introduction
- Diagramming
- Identifying threats
- Addressing threats
- Practical threat modeling
- Threat modeling resources
Learning goal
Cover the 4 main steps of creating and updating an effective threat model and use threat modeling as part of the secure design of systems
Content level
Introductory
Target audience
Software developers, architects, product managers, incident responders, and security professionals
Prerequisites
Basic IT knowledge of web and mobile applications, databases & single sign-on (SSO) principles
Technical requirements
Bring your own tablet or laptop to get access to our learning platform with all the handouts and solutions.
Sebastien Deleersnyder
CTO, Toreon
Sebastien (Seba) Deleersnyder is co-founder and CTO of Toreon. He started the Belgian OWASP chapter and was an OWASP Foundation Board member. With a development background and years of security experience, he has trained countless developers to create more secure software. Leading OWASP projects such as OWASP SAMM, he has genuinely helped make the world a safer place. What’s he currently up to? Right now, he’s busy adapting application security models to the evolving field of DevOps and is also focused on getting the word out on Threat Modeling to a broader audience.