All courses
Resource hub
Featured resource
Tech Upskilling Playbook 2025
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Learn more
Hamburger Icon

Threat Modeling Fundamentals

Course Summary

The Threat Modeling Fundamentals training course is designed to help participants understand threat modeling, it's approaches, tools, and benefits. The course begins with an overview of threat modeling and threat modeling approaches, then covers various threat modeling tools such as OWASP and PASTA. Next, the course discusses threat modeling in practice. The course concludes with a look at incremental threat modeling and how one can integrate threat modeling into the software development lifecycle. Participants will review case studies and participate in several exercises to solidify their understanding.

Purpose
Learn about threat modeling, approaches, tools, and benefits.
Audience
Participants who need a foundation on how to identify potential risks and threats.
Role
Software Developer | Technical Manager | Web Developer
Skill Level
Introduction
Style
Lecture | Hands-on Activities
Duration
2 Days
Related Technologies
Secure Coding | Threat Modeling

 

Course Objectives
  • Explain threat modeling and approaches to threat modeling
  • Compare various threat modeling tools
  • Evaluate incremental threat modeling
  • Integrate threat modeling into SDLC

What You'll Learn:

In the Threat Modeling Fundamentals training course, you'll learn:
  • Introduction
    • What is threat modeling
    • Why threat model?
    • What should a threat model contain?
    • Who (and when) should engage in threat modeling?
    • Where should we put our threat model?
  • Threat Modeling Approaches
    • Attacker-Centric, i.e., Think like an attacker!
    • Asset-Centric, i.e., What do we have to lose?
    • Application-Centric, i.e., What are we building (and testing)?
  • Threat Modeling Tools
    • OSWASP Threat Dragon
    • PASTA (Process for Attack Simulation and Threat Analysis)
    • OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation)
    • VAST (Visual, Agile, and Simple Threat Modeling)
    • STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege)
    • Trike (Using Threat Models as a Risk-Management Tool)
  • Practical Threat Modeling
    • Identifying the scope
    • Data-Flow diagramming
    • Swim-Lane diagramming
    • State machines
    • Target analysis
    • Identifying and documenting threats
    • Rating threats
    • Mitigating threats
  • Incremental Threat Modeling
  • Integrating Threat Modeling into the Software Development Lifecycle (SDLC)
real world content

Real-World Content

Project-focused demos and labs using your tool stack and environment, not some canned "training room" lab.
expert practitioners

Expert Practitioners

Industry experts that bring their battle scars into the classroom.
experiential learning

Experiential Learning

More coding than lecture, coupled with architectural and design discussions.
tailored outlines

Tailored Outlines

One-size-fits-all doesn't apply to training teams. That's where we come in!

Dive in and learn more

When transforming your workforce, it's important to have expert advice and tailored solutions. We can help. Tell us your unique needs and we'll explore ways to address them.

Let's chat

By filling out this form and clicking submit, you acknowledge our privacy policy.