
OWASP AppSec DC 2012/Training/Practical Threat Modeling



Course Length: 1 Day

Threat modeling is gaining traction as a fundamental application security activity. In this class students learn about the attacks that their applications may face and then both formal and informal approaches to threat modeling. Using a fictional scenario, students perform all the activities of a threat model on a complex application, including analyzing design documents and role-playing interviews. Students learn about the industry standard formal threat modeling process as well as Facilitated Application Threat Modeling: a 1-day approach to threat modeling pioneered by Security Compass. Students will also be taught about Security Compass's unique source-code/design-pattern level threat modeling.

Student Requirements

Laptop Required: Students Need to Bring:


Audience: Developers, architects, tech leads, information security analysts who perform application penetration testing and/or source code review

Skill Level: Basic

Understand attacks that hackers use to break into web applications

Create threat models for complex multi-tiered applications

Prioritize risk of attacks for an application based on potential threats

Apply security analysis to design and architecture of an application


Krishna Raja is a Senior Security Consultant with an extensive background in Java EE application development. He has performed comprehensive security assessments for financial, government, and health care organizations across Canada and the United States. Mr. Raja has also driven the initiation of application security programs into the SDLC process of his clients. This involves the drafting of security requirements, threat modeling, creating secure coding guidelines and security test cases. Krishna has carried out the role of security advisor, security analyst, project manager and trainer.

Krishna is instrumental in the development and delivery of Security Compass’ training curriculum. Krishna has developed and taught courses in Threat Modeling, Exploiting and Defending Web Applications, Building Secure Web Applications in Java EE, Advanced Application Attacks, and Application Security Awareness to architects, project managers and developers.
