Select Page

Security Workshop:
Threat Modeling In Software Development Life Cycle (SDLC)

 

Join us in our Threat Modeling workshop and learn how to manage security risk during system development.

Online Workshop (2 CPE)

About The Threat Modeling In SDLC Workshops

Threat modeling is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified, enumerated, and mitigations can be prioritized.

The purpose of threat modeling is to provide systematic analysis of what controls or defences need to be included to defend a giving system against potential attack, the probable attacker’s profile, the most likely attack vectors, and the assets most desired by an attacker.

WHO SHOULD ATTEND

  • CISO’s
  • Security Risk Managers
  • Security Engineers
  • Information Security Managers.
  • Information Security Directors.
  • All other security professionals who want to be kept up to date.

 

The Content

In this workshop our expert will take you through the process of Threat modeling and teach you to answer questions involved in the process such as

“Where am I most vulnerable to attack?”, “What are the most relevant threats?”, and “What do I need to do to safeguard against these threats?”.

In this workshop we will learn the following:

  • The main idea behind threat modeling and how to build security by default and by design into system development.
  • How to use threat modeling to ensure business requirements (or goals) are adequately protected in the face of a malicious actor, accidents, or other causes of impact.
  • Integrating threat modeling into software development methodology such as waterfall, Agile and DevOps
  • Learn about threat modeling Methodologies such as STRIDE, Pasta, Trike, CAST, etc.
  • Threat modeling stages and examples.
  • Able to identify threats and compliance requirements during SDLC and evaluate their risks.
  • Learn to balance risks, controls, and usability.
  • Define and build the required controls.
  • Identify where building a control is unnecessary, based on acceptable risk.
  • Document threats and mitigation.
  • Identification of security test cases / security test scenarios to test the security requirements