Threat Modeling Express - Revision history

Achim: category OWASP/Training changed to OWASP Training

2014-11-10T21:24:42Z

category OWASP/Training changed to OWASP Training

Achim: category changed to OWASP/Training AppSec_DC_2010

2014-11-10T20:51:38Z

category changed to OWASP/Training AppSec_DC_2010

Mark.bristow: /* Instructor */

2010-11-06T19:43:39Z

‎Instructor

Mark.bristow: Created page with 'NOTOC link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010 [https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=…'

2010-09-24T18:42:01Z

Created page with '__NOTOC__ link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010 [https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=…'

New page

__NOTOC__
[[Image:468x60-banner-2010.gif|link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010]]

[https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=d52c6f5f-d568-4e16-b8e0-b5e2bf87ab3a Registration] | [https://resweb.passkey.com/Resweb.do?mode=welcome_gi_new&groupID=2766908 Hotel] | [http://www.dcconvention.com/ Walter E. Washington Convention Center]
<br>
==Description==
'''Course Length: 1 Day'''

The benefits of threat modeling at the design stage are well-documented, yet few organizations are able to perform this analysis technique due to time constraints. Based on our experience in real world situations, Security Compass has developed a one day approach to threat modeling based loosely on a Facilitated Risk Assessment Process (FRAP).

In this class, students learn how to create a “quick and dirty” application threat model using an organization’s most valuable resource: its people. Students learn about the basics of web application security, as well as learn about and perform a real hands-on Express Threat Model. A deliverable template and list of steps will be provided as takeaways for students.

==Student Requirements==
This course will include hands-on exercises. Students are not required to bring their own laptops, a pen or pencil will suffice.

==Objectives==
Skill: Intermediate, Basic

* Learn application security basics
* Be better equipped to make architecture and design decisions with security in mind
* Be able to create an Express Threat Modeling in one day

==Instructor==
'''Rohit Sethi''', Director of Professional Services, Security Compass, is a specialist in threat modeling, application security reviews, and building security controls into the software development life cycle (SDLC). Mr. Sethi is a frequent guest speaker and instructor at several national conferences. He has written articles for Security Focus and the Web Application Security Consortium (WASC), and has been quoted as an expert in application security for ITWorldCanada and Computer World.

At Security Compass, Rohit teaches hundreds of students various topics on web application security in cities across North America. He has also managed and performed extensive threat analysis, source code reviews, and penetration testing for clients in financial services, utilities, telecommunications and healthcare. He is often consulted for his dual expertise in information security and software engineering.

'''Krishna Raja''' is an Application Security Consultant with an extensive background in J2EE application development. He has performed comprehensive security assessments for various clients, which involves threat analysis, source code inspection and runtime penetration testing.

Mr. Raja has also been instrumental in the development and delivery of Security Compass’ training curriculum. He has developed and taught courses in Exploiting and Defending Web Applications, Application Security Awareness and Advanced Application Attacks to architects, project managers and developers across Canada and the United States. Krishna is an emerging speaker at information security conferences, and last year spoke at Source Boston 2008 and ISSA Secure SD Symposium.

[[Category:AppSec_DC_2010_Training]] [[Category:Basic_Training]]] [[Category:Intermediate_Training]]]

← Older revision		Revision as of 21:24, 10 November 2014
Line 26:		Line 26:
	At Security Compass, Rohit teaches hundreds of students various topics on web application security in cities across North America. He has also managed and performed extensive threat analysis, source code reviews, and penetration testing for clients in financial services, utilities, telecommunications and healthcare. He is often consulted for his dual expertise in information security and software engineering.		At Security Compass, Rohit teaches hundreds of students various topics on web application security in cities across North America. He has also managed and performed extensive threat analysis, source code reviews, and penetration testing for clients in financial services, utilities, telecommunications and healthcare. He is often consulted for his dual expertise in information security and software engineering.

−	[[Category:OWASP/~~Training~~ AppSec_DC_2010]] [[Category:OWASP/~~Training~~ Basic]]	+	[[Category:OWASP Training/AppSec_DC_2010]] [[Category:OWASP Training/Basic]]

← Older revision		Revision as of 20:51, 10 November 2014
Line 26:		Line 26:
	At Security Compass, Rohit teaches hundreds of students various topics on web application security in cities across North America. He has also managed and performed extensive threat analysis, source code reviews, and penetration testing for clients in financial services, utilities, telecommunications and healthcare. He is often consulted for his dual expertise in information security and software engineering.		At Security Compass, Rohit teaches hundreds of students various topics on web application security in cities across North America. He has also managed and performed extensive threat analysis, source code reviews, and penetration testing for clients in financial services, utilities, telecommunications and healthcare. He is often consulted for his dual expertise in information security and software engineering.

−		+	[[Category:OWASP/Training AppSec_DC_2010]] [[Category:OWASP/Training Basic]]
−	[[Category:~~AppSec_DC_2010_Training~~]] [[Category:~~Basic_Training]]] [[Category:Intermediate_Training]~~]]

← Older revision		Revision as of 19:43, 6 November 2010
Line 25:		Line 25:

	At Security Compass, Rohit teaches hundreds of students various topics on web application security in cities across North America. He has also managed and performed extensive threat analysis, source code reviews, and penetration testing for clients in financial services, utilities, telecommunications and healthcare. He is often consulted for his dual expertise in information security and software engineering.		At Security Compass, Rohit teaches hundreds of students various topics on web application security in cities across North America. He has also managed and performed extensive threat analysis, source code reviews, and penetration testing for clients in financial services, utilities, telecommunications and healthcare. He is often consulted for his dual expertise in information security and software engineering.
−
−	'''Krishna Raja''' is an Application Security Consultant with an extensive background in J2EE application development. He has performed comprehensive security assessments for various clients, which involves threat analysis, source code inspection and runtime penetration testing.
−
−	Mr. Raja has also been instrumental in the development and delivery of Security Compass’ training curriculum. He has developed and taught courses in Exploiting and Defending Web Applications, Application Security Awareness and Advanced Application Attacks to architects, project managers and developers across Canada and the United States. Krishna is an emerging speaker at information security conferences, and last year spoke at Source Boston 2008 and ISSA Secure SD Symposium.


	[[Category:AppSec_DC_2010_Training]] [[Category:Basic_Training]]] [[Category:Intermediate_Training]]]		[[Category:AppSec_DC_2010_Training]] [[Category:Basic_Training]]] [[Category:Intermediate_Training]]]

Threat Modeling Express - Revision history

Achim: category OWASP/Training changed to OWASP Training

Achim: category changed to OWASP/Training AppSec_DC_2010

Mark.bristow: /* Instructor */

Mark.bristow: Created page with '__NOTOC__ link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010 [https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=…'

Mark.bristow: Created page with 'NOTOC link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010 [https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=…'