(
Free Course) - Ticket
must be reserved at
https://lascon-x-training.eventbrite.comThreat Modeling is a great way to identify security risk by structuring possible attacks, bad actors and countermeasures over a broad view of the targeted system. Attendees will learn hands on examples of basic threat modeling concepts and how to use them effectively.
This workshop will be a collaborative experience with threat model content created with the audience. We will open the session with a quick introduction and round up of the tools that will be used: attack trees, flow diagrams and related open source software.
Attendees will be able to choose between three ways of getting involved:
- Brainstorming; give your ideas to the whole group to model on a whiteboard.
- Pen and papers; model the group brainstorm ideas and add your own.
- Computer modeling; generate resulting models using code.
We will look at examples from the OWASP Threat Model Cookbook Project and invite attendees to contribute with their creations.
Session outline:
- Flash introduction on threat modeling
- Selection of participant roles and the target system
- Flow Diagram explanation and collaborative creation
- Attack tree explanation and collaborative creation
- View of code and computer generated diagrams
Required Materials: Pens and paper will be provided. Laptop required only if you want to model as code.
