Difference between revisions of "Threat Modeling Express"
Mark.bristow (talk | contribs) (Created page with '__NOTOC__ link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010 [https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=…') |
(category OWASP/Training changed to OWASP Training) |
Latest revision as of 21:24, 10 November 2014
Registration | Hotel | Walter E. Washington Convention Center
Description
Course Length: 1 Day
The benefits of threat modeling at the design stage are well-documented, yet few organizations are able to perform this analysis technique due to time constraints. Based on our experience in real-world situations, Security Compass has developed a one-day approach to threat modeling based loosely on a Facilitated Risk Assessment Process (FRAP).
In this class, students learn how to create a “quick and dirty” application threat model using an organization’s most valuable resource: its people. Students learn about the basics of web application security, as well as learn about and perform a real hands-on Express Threat Model. A deliverable template and list of steps will be provided as takeaways for students.
Student Requirements
This course will include hands-on exercises. Students are not required to bring their own laptops; a pen or pencil will suffice.
Objectives
Skill: Intermediate, Basic
- Learn application security basics
- Be better equipped to make architecture and design decisions with security in mind
- Be able to create an Express Threat Model in one day
Instructor
Rohit Sethi, Director of Professional Services, Security Compass, is a specialist in threat modeling, application security reviews, and building security controls into the software development life cycle (SDLC). Mr. Sethi is a frequent guest speaker and instructor at several national conferences. He has written articles for Security Focus and the Web Application Security Consortium (WASC), and has been quoted as an expert in application security for ITWorldCanada and Computer World.
At Security Compass, Rohit teaches hundreds of students various topics on web application security in cities across North America. He has also managed and performed extensive threat analysis, source code reviews, and penetration testing for clients in financial services, utilities, telecommunications and healthcare. He is often consulted for his dual expertise in information security and software engineering.