Threat Modeling Workshop


Since about half of all security vulnerabilities in software are due to design errors, safety measures must be considered during the design phase. In this phase, the cost of fixing vulnerabilities is comparatively low compared to the implementation phase. Threat modeling helps to identify threats, regardless of the complexity of the architecture. The method supports the development of a trustworthy security design. A complete threat modeling is carried out systematically and methodically with the aim of reducing or even eliminating the effects of the detected threats.

Agenda

  1. Basic Security Testing Process Concepts
  2. Threat Modeling Basics
  3. Modeling of Data Flow Diagrams
    • Exercise: Data Flow Diagrams
  4. STRIDE-Classification
    • Exercise: Identify Threats
  5. Threat Specialization
  6. Review of Threats
    • Exercise: Threat Trees
  7. Creating Mitigation Plan and Measures
    • Exercise: Threat Process
  8. Questions and Recommendations

After completing the workshop, you will receive a certificate of attendance.

Learning goals

Die Teilnehmer haben anhand der Lektionen und Übungen den vollständigen Threat Modeling Prozess von der toolgestützten Modellierung einer Architektur bis zur Identifizierung und Bewertung von Threats und Bedrohungen bearbeitet. Sie können identifizierte Bedrohungen selbständig bewerten und einschätzen sowie Mitigierungsvorschläge erarbeiten.

Duration: 1 day

Dates: Wednesday 07.02.2018, Wednesday 11.04.2018, Wednesday 06.06.2018, Wednesday 05.09.2018, Wednesday 24.10.2017

Requirements: None

Target audience:

  • Decissionmaker for IT-Security
  • Head of software development
  • Software developer/designer
  • Software Tester
  • Software Architect

Price:
850 Euro excl. 19% MwSt.
(Lunch and drinks are included)

The workshops are held at softScheck, but can also be carried out in-house on request.

Registration and questions:
info@softscheck.com
+49 2241 255 43 0