Threat modeling is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified, enumerated, and mitigations can be prioritized.

The purpose of threat modeling is to provide a systematic analysis of what controls our defenses need to be included to defend a given system against a potential attack, the probable attacker’s profile, the most likely attack vectors, and the assets most desired by an attacker.

In this training, we shall handle the following:

• • The main idea behind threat modeling and how to build security by default and by design into system development.
  • How to use threat modeling to ensure business requirements (or goals) are adequately protected in the face of a malicious actor, accidents, or other causes of impact.
  • Integrating threat modeling into software development methodologies such as waterfall, Agile, and DevOps
  • Learn about threat modeling Methodologies such as STRIDE, Pasta, Trike, CAST, etc.
  • Threat modeling stages and examples.
  • Able to identify threats and compliance requirements during SDLC and evaluate their risks.
  • Learn to balance risks, controls, and usability.
  • Define and build the required controls.
  • Identify where building control is unnecessary, based on acceptable risk.
  • Document threats and mitigation.
  • Identification of security test cases/security test scenarios to test the security requirements