Name: Training Class: Threat Modelling: From None to Done - John DiLeo
Start: 2020-10-24T08:45:00+13:00
End: 2020-10-24T17:15:00+13:00
Location: Redshield

The OWASP New Zealand Chapter is pleased to present our annual Training Days event. This year, we are offering classes in two cities - Auckland and Wellington, on different Saturdays in October.

In Wellington, we are offering a class on Saturday, 24 October:

Threat Modelling: From None to Done - John DiLeo
Registration check-in will open at 8:00 a.m., and classes will run from 8:45 a.m. to 5:30 p.m., with breaks for lunch and morning and afternoon tea.

Registration is NZ $195.00 (plus EventBrite fees).

Rather than registering here on meetup, please hop over to Event Brite and register for a ticket there:

https://www.eventbrite.com/e/owasp-nz-training-wellington-threat-modelling-from-none-to-done-tickets-120363850517

A special thank-you to Red Shield for providing the classroom space, and to Kirk Jackson for serving as our event host for the day.

Registration closes on Thursday, 22 October.

Threat Modelling: From None to Done
John DiLeo

Training Abstract:

This session offers participants an interactive introduction to Threat Modelling, based on the instructor's learning and experience over the past several years. A primary focus of this course is the introduction of threat modelling activities into your organisation's software development processes, to improve the overall quality and security of the applications you build.

As a recent "convert" to the application security world, your instructor has developed his "expertise" in threat modelling by gathering information from a variety of sources. He's combined those learnings with his own experience to create a practical threat modelling approach he has successfully applied within his professional roles.

In addition to addressing key questions around the "Five Ws," the presentation will cover the "Four Questions" approach to developing a model, and include several interactive exercises to provide direct experience. A brief review of available modelling tools will also be included, along with an approach to introducing Threat Modelling into your SDLC.

Objectives:
In this course, attendees can expect to:

Gain a better understanding of the motivations for, and benefits of, threat modelling

Learn the process for building a threat model, using the "four questions" approach

Learn how to introduce threat modelling into existing organisations, and development projects working with "legacy" applications

Learn about available tools for creating and managing threat models

Learn about integrating threat modelling into the software development lifecycle

Topic Outline:

Introduction - Overview, and Initial Modelling Exercise

The Five Ws of Threat Modelling

Our Modelling Approach - Shostack's Four Questions

Identifying the Scope

Identifying Threats

Risk Management Overview

Identifying Mitigations

Selecting Mitigations

Verification and Validation

Getting Started - Incremental Threat Modelling

Tools for Creating Threat Models

Integration with the SDLC

About John

John is an active member and leader of several OWASP projects and global committees, including as co-leader of the OWASP Application Security Curriculum Project. He also serves as a co-leader of the OWASP New Zealand Chapter.

In his day job, John serves as an internal application security consultant at Air New Zealand.

Twitter: @gr4ybeard

Kirk Jackson

OWASP New Zealand Chapter - Wellington

OWASP® Foundation 

Technology

Software Development

White Hat Hacking

Web Technology

Web Security

Web Development

OWASP

Information Security

Application Security

Software Security

Computer Security

Ethical Hacking

Penetration Testing

Web Application Security

Ingo Schommer

Anna Lezhikova

Edward Hall

Darcy Thomas

Adrian Hayes

Sam Parkin

Ivan Kurnosov

Training Class: Threat Modelling: From None to Done - John DiLeo

Redshield

Share

OWASP New Zealand Chapter - Wellington

Training Class: Threat Modelling: From None to Done - John DiLeo

OWASP New Zealand Chapter - Wellington

Details

Members are also interested in