deep knowledge technical trainings

APRIL 17 - 25 @ MOVENPICK AMSTERDAM

Advanced Whiteboard Hacking – AKA Hands-On Threat Modeling

As highly skilled professionals with years of experience under our belts we know that there is a gap between academic knowledge of threat modeling and the real world.
To minimize that gap we have developed a 2-day course with practical use cases, based on real world projects. Each use case includes a description of the environment, together with questions and templates to build a threat model. Students will be challenged in virtual breakout rooms of 3 to 4 people to perform the different stages of threat modeling

2,299.00

Registration Opens December 2022

Duration

2-day

Delivery Method

In-Person

Level

beginner

Seats Available

20

ATTEND IN-PERSON: Onsite in Amsterdam

DATE: 17-18 April 2023

TIME: 09:00 to 17:00 CEST/GMT+2

Date Day Time Duration
17 Apr Monday 09:00 to 17:00 CEST/GMT+2 8 Hours
18 Apr Tuesday 09:00 to 17:00 CEST/GMT+2 8 Hours

 


As highly skilled professionals with years of experience under our belts we know that there is a gap between academic knowledge of threat modeling and the real world.

To minimize that gap we have developed a 2-day course with practical use cases, based on real world projects. Each use case includes a description of the environment, together with questions and templates to build a threat model. Students will be challenged in virtual breakout rooms of 3 to 4 people to perform the different stages of threat modeling on the following:

  • B2B web and mobile applications, sharing the same REST backend
  • An Internet of Things (IoT) deployment with an on premise gateway and a cloud based update service
  • OAuth scenarios for an HR application
  • Privacy of a new face recognition system in an airport

After each hands-on workshop, the results are discussed, and students receive a documented solution. Based on our successful trainings in the last years we have received great and positive feedback.

 

Key Learning Objectives
  • Cover the 4 main steps of creating and updating an effective threat model
  • Use threat model as part of secure design of systems and to more efficiently scope pentesting
  • Use threat modeling as a way to learn, model and communicate with security and development teams and build bridges between them.

 

What Students Will Be Provided With:
  • Hand-outs of the presentations
  • Work sheets of the use cases
  • Detailed solution descriptions of the use cases
  • Template to document a threat model
  • Template to calculate risk levels of identified threats
  • Receive certificate: Following a successful exam (passing grade defined at 70%) the student will receive certification for successful completion of course

Why You Should Take This Course

As highly skilled professionals with years of experience under our belts we know that there is a gap between academic knowledge of threat modeling and the real world.
To minimize that gap we have developed a 2-day course with practical use cases, based on real world projects. Each use case includes a description of the environment, together with questions and templates to build a threat model. Students will be challenged in virtual breakout rooms of 3 to 4 people to perform the different stages of threat modeling

Who Should Attend

This course is aimed at software developers, architects, system managers or security professionals.

Prerequisite Knowledge

Before attending this course, students should be familiar with basic knowledge of web and mobile Applications, databases & Single sign on (SSO) principles.

Hardware / Software Requirements

  • Stable internet access
  • Access to your own laptop or tablet
  • Ability to participate in MS Teams virtual meetings
  • Ability to participate in dedicated private Slack channels created for the training.

TRAINER

Co-founder & CTO

Toreon

Seba is co-founder, CEO of Toreon and a proponent of application security as a holistic endeavor. He started the Belgian OWASP chapter, was a member of the OWASP Foundation Board and performed several public presentations on Application Security.

Seba also co-organized the yearly security & hacker BruCON conference and trainings in Belgium. With a background in development and many years of experience in security, he has trained countless developers to create software more securely. He has led OWASP projects such as OWASP SAMM, thereby truly making the world a little bit safer. Now he is adapting application security models to the evolving field of DevOps and is also focused on bringing Threat Modeling to a wider audience.