Select Page

Security Workshop:
Threat Modeling In Software Development Life Cycle (SDLC)

 

Join us in this 3 days Training on Threat Modeling and learn how to integrate security and manage risk during system development.

About The Threat Modeling In SDLC

In this training, our expert will take you through the process of Threat modeling. You will learn about the main idea behind threat modeling and how to integrate security into the software development lifecycle.

Threat modeling helps software developers to:

    • Learn to balance risks, controls, and usability.
    • How to identify threats and compliance requirements, and evaluate their risks.
    • How to define and build required controls.
    • Identify where building control is unnecessary, based on acceptable risk.
    • Document threats and mitigation.
    • Identification of security test cases/security test scenarios to test the security requirements.
Training Content

Threat modeling is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified, enumerated, and mitigations can be prioritized.

The purpose of threat modeling is to provide a systematic analysis of what controls our defenses need to be included to defend a given system against a potential attack, the probable attacker’s profile, the most likely attack vectors, and the assets most desired by an attacker.

In this training, we shall handle the following:

    • The main idea behind threat modeling and how to build security by default and by design into system development.
    • How to use threat modeling to ensure business requirements (or goals) are adequately protected in the face of a malicious actor, accidents, or other causes of impact.
    • Integrating threat modeling into software development methodologies such as waterfall, Agile, and DevOps
    • Learn about threat modeling Methodologies such as STRIDE, Pasta, Trike, CAST, etc.
    • Threat modeling stages and examples.
    • Able to identify threats and compliance requirements during SDLC and evaluate their risks.
    • Learn to balance risks, controls, and usability.
    • Define and build the required controls.
    • Identify where building control is unnecessary, based on acceptable risk.
    • Document threats and mitigation.
    • Identification of security test cases/security test scenarios to test the security requirements
WHO SHOULD ATTEND
  • CISO’s
  • Security Risk Managers
  • Security Engineers
  • Information Security Managers.
  • Information Security Directors.
  • All other security professionals who want to be kept up to date.