Let us help you find the training program you are looking for.

If you can't find what you are looking for, contact us, we'll help you find it. We have over 800 training programs to choose from.

Threat Modeling

  • Course Code: SEC 1000
  • Course Dates: Contact us to schedule.
  • Course Category: Security & Cybersecurity Duration: 2 Days Audience: Developers, team leads, project managers

Overview

This course will teach threat modeling for secure coding practices

Audience

Developers, team leads, project managers

Skill Level

Introductory – Intermediate

Duration

Two days

Format

Lectures and hands on labs. (50% – 50%)

Prerequisites

  • Recommended: Cybersecurity awareness
  • Familiar with code development

Lab environment

  • Zero Install: There is no need to install software on students’ machines!
  • A lab environment in the cloud will be provided for students.

Students will need the following

  • A reasonably modern laptop with unrestricted connection to the Internet. Laptops with overly restrictive VPNs or firewalls may not work properly.
    • A checklist to verify connectivity will be provided
  • Chrome browser

Detailed outline

  • STRIDE
  • Adversarial Perspective
  • Security Terminology
  • Microsoft Security Development Lifecycle (SDL)
  • Threat Modeling
  • Microsoft Threat Modeling Tool
  • Attack Surface Reduction
  • CVSS
  • Cryptography
  • OWASP
  • Hands-on exercises
  • Appendix – background

Problem

(C)Security of software systems is becoming more and more important and visible in the public eye. Meanwhile, there is a basic imbalance between the attackers (hackers) and defenders (software developers). That is, hackers get immediate reward for their breach they effect and the damage the cause. By contracts, defenders get the blame when they are hacked and no mention when they are not.

(D)Our system addresses this and changes the balance, ultimately resulting in more secure software systems.

Solution

(E)(Pat. Pend.) IMPACT

  • Breaking the developers into two teams: blue (defenders) and red (attackers)
  • Recording the results of the attacker’s actions
  • Recording the successes of the defenders in stopping the attackers and their failures
  • Periodically update the scoreboard of the defenders thus proving positive reinforcement for their actions
  • The IMPACT system records the above data as logs. It is built on logging frameworks and well-known open source tools for log generation. It uses NoSQL databases to store the log data and Big Data analytics tools such as Spark generate the scoreboards.
View All Courses

    Course Inquiry

    Fill in the details below and we will get back to you as quickly as we can.

    Interested in any of these related courses?