This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP AppSec DC 2012/Training/Pratical Threat Modeling
Registration Now OPEN! | Hotel | Schedule | Convention Center | AppSecDC.org
Description
Course Length: 1 Day
Threat modeling is gaining traction as a fundamental application security activity. In this class students learn about the attacks that their applications may face and then both formal and informal approaches to threat modeling. Using a fictional scenario, students perform all the activities of a threat model on a complex application ? including analyzing design documents and role-playing interviews. Students learn about the industry standard formal threat modeling process as well as Facilitated Application Threat Modeling: a 1-day approach to threat modeling pioneered by Security Compass. Students will also be taught about Security Compass?s unique source-code/design-pattern level threat modeling.
Student Requirements
Laptop Required: Students Need to Bring:
Objectives
Audience: Developers, architects, tech leads, information security analysts who perform application penetration testing and/or source code review Skill Level: Basic
Understand attacks that hackers use to break into web applications
Create threat models for complex multi-tiered applications
Prioritize risk of attacks for an application based on potential threats
Apply security analysis to design and architecture of an application
Instructor
Oliver Ng
Gold Sponsors |
|
|
|
|
Silver Sponsors |
| |||
Small Business |
|
| ||
Exhibitors |
|
|
|
|
