This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP AppSec DC 2012/Training/Pratical Threat Modeling"
Mark.bristow (talk | contribs) (Created page with "__NOTOC__ {{:OWASP AppSec DC 2012 Header}} ==Description== '''Course Length: 1 Day''' Threat modeling is gaining traction as a fundamental application security activity. In t...") |
(No difference)
|
Revision as of 01:41, 18 January 2012
Registration Now OPEN! | Hotel | Schedule | Convention Center | AppSecDC.org
Description
Course Length: 1 Day
Threat modeling is gaining traction as a fundamental application security activity. In this class students learn about the attacks that their applications may face and then both formal and informal approaches to threat modeling. Using a fictional scenario, students perform all the activities of a threat model on a complex application ? including analyzing design documents and role-playing interviews. Students learn about the industry standard formal threat modeling process as well as Facilitated Application Threat Modeling: a 1-day approach to threat modeling pioneered by Security Compass. Students will also be taught about Security Compass?s unique source-code/design-pattern level threat modeling.
Student Requirements
Laptop Required: Students Need to Bring:
Objectives
Audience: Developers, architects, tech leads, information security analysts who perform application penetration testing and/or source code review Skill Level: Basic
Understand attacks that hackers use to break into web applications
Create threat models for complex multi-tiered applications
Prioritize risk of attacks for an application based on potential threats
Apply security analysis to design and architecture of an application
Instructor
Oliver Ng
Gold Sponsors |
|
|
|
|
Silver Sponsors |
| |||
Small Business |
|
| ||
Exhibitors |
|
|
|
|
