OWASP AppSec DC 2012/Training/Pratical Threat Modeling - Revision history

Achim at 21:31, 10 November 2014

2014-11-10T21:31:58Z

Achim: category changed to OWASP/Training AppSec_DC_2012

2014-11-10T20:59:58Z

category changed to OWASP/Training AppSec_DC_2012

Mark.bristow: /* Instructor */

2012-01-31T23:13:59Z

‎Instructor

Mark.bristow: Created page with "NOTOC {{:OWASP AppSec DC 2012 Header}} ==Description== '''Course Length: 1 Day''' Threat modeling is gaining traction as a fundamental application security activity. In t..."

2012-01-18T01:41:53Z

Created page with "__NOTOC__ {{:OWASP AppSec DC 2012 Header}} ==Description== '''Course Length: 1 Day''' Threat modeling is gaining traction as a fundamental application security activity. In t..."

New page

__NOTOC__
{{:OWASP AppSec DC 2012 Header}}
==Description==
'''Course Length: 1 Day'''

Threat modeling is gaining traction as a fundamental application security activity. In this class students learn about the attacks that their applications may face and then both formal and informal approaches to threat modeling. Using a fictional scenario, students perform all the activities of a threat model on a complex application ? including analyzing design documents and role-playing interviews. Students learn about the industry standard formal threat modeling process as well as Facilitated Application Threat Modeling: a 1-day approach to threat modeling pioneered by Security Compass. Students will also be taught about Security Compass?s unique source-code/design-pattern level threat modeling. 
==Student Requirements==
Laptop Required:
Students Need to Bring:

==Objectives==
Audience: Developers, architects, tech leads, information security analysts who perform application penetration testing and/or source code review
Skill Level: Basic

Understand attacks that hackers use to break into web applications Create threat models for complex multi-tiered applications Prioritize risk of attacks for an application based on potential threats Apply security analysis to design and architecture of an application
==Instructor==
Oliver Ng
[[Category:AppSec_DC_2012_Training]]
{{:OWASP AppSec DC 2012 Footer}}

@@ Line 20: / Line 20: @@
 Krishna is instrumental in the development and delivery of Security Compass’ training curriculum. Krishna has developed and taught courses in Threat Modeling, Exploiting and Defending Web Applications, Building Secure Web Applications in Java EE, Advanced Application Attacks, and Application Security Awareness to architects, project managers and developers.
-[[Category:OWASP/Training AppSec_DC_2012]]
+[[Category:OWASP Training/AppSec_DC_2012]]
 {{:OWASP AppSec DC 2012 Footer}}

@@ Line 20: / Line 20: @@
 Krishna is instrumental in the development and delivery of Security Compass’ training curriculum. Krishna has developed and taught courses in Threat Modeling, Exploiting and Defending Web Applications, Building Secure Web Applications in Java EE, Advanced Application Attacks, and Application Security Awareness to architects, project managers and developers.
-[[Category:AppSec_DC_2012_Training]]
+[[Category:OWASP/Training AppSec_DC_2012]]
 {{:OWASP AppSec DC 2012 Footer}}

@@ Line 16: / Line 16: @@
 Understand attacks that hackers use to break into web applications<br><br>Create threat models for complex multi-tiered applications<br><br>Prioritize risk of attacks for an application based on potential threats<br><br>Apply security analysis to design and architecture of an application
 ==Instructor==
-Oliver Ng
+Krishna Raja is a Senior Security Consultant with an extensive background in Java EE application development. He has performed comprehensive security assessments for financial, government, and health care organizations across Canada and the United States. Mr. Raja has also driven the initiation of application security programs into the SDLC process of his clients.  This involves the drafting of security requirements, threat modeling, creating secure coding guidelines and security test cases.  Krishna has carried out the role of security advisor, security analyst, project manager and trainer.
 [[Category:AppSec_DC_2012_Training]]
 {{:OWASP AppSec DC 2012 Footer}}

OWASP AppSec DC 2012/Training/Pratical Threat Modeling - Revision history

Achim at 21:31, 10 November 2014

Achim: category changed to OWASP/Training AppSec_DC_2012

Mark.bristow: /* Instructor */

Mark.bristow: Created page with "__NOTOC__ {{:OWASP AppSec DC 2012 Header}} ==Description== '''Course Length: 1 Day''' Threat modeling is gaining traction as a fundamental application security activity. In t..."

Mark.bristow: Created page with "NOTOC {{:OWASP AppSec DC 2012 Header}} ==Description== '''Course Length: 1 Day''' Threat modeling is gaining traction as a fundamental application security activity. In t..."