Skip to content

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Threat Modeling Fundamentals

Course Summary

The Threat Modeling Fundamentals training course ​is designed to help students understand threat modeling, it's approaches, tools, and benefits.

The course begins with an overview of threat modeling and threat modeling approaches, then provides an overview of various threat modeling tools such as OWASP and PASTA. Next, the course covers threat modeling in practice. The course concludes with a look at incremental threat modeling and how one can integrate threat modeling into the software development lifecycle.

Students will review case studies and participate in several exercises to solidify their understanding.

Learn about threat modeling, approaches, tools and benefits.
Students who need a foundation on how to identify potential risks and threats.
Software Developer - Technical Manager - Web Developer
Skill Level
Learning Spikes - Workshops
2 Days
Related Technologies
Secure Coding Training | Threat Modeling


Productivity Objectives
  • Explain threat modeling and approaches to threat modeling
  • Compare various threat modeling tools
  • Evaluate incremental threat modeling
  • Integrate threat modeling into SDLC

What You'll Learn:

In the Threat Modeling Fundamentals training course, you'll learn:
  • Introduction
    • What is Threat Modeling
    • Why Threat Model?
    • What Should a Threat Model Contain?
    • Who (and When) Should Engage in Threat Modeling?
    • Where Should We Put Our Threat Model?
  • Threat Modeling Approaches
    • Attacker-Centric, i.e., Think Like an Attacker!
    • Asset-Centric, i.e., What Do We Have to Lose?
    • Application-Centric, i.e., What are We Building (and Testing)?
  • Threat Modeling Tools
    • OSWASP Threat Dragon
    • PASTA-Process for Attack Simulation and Threat Analysis
    • OCTAVE- Operationally Critical Threat, Asset, and Vulnerability Evaluation
    • VAST-Visual, Agile, and Simple Threat Modeling
    • STRIDE-Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege
    • Trike-Using Threat Models as a Risk-Management Tool
  • Practical Threat Modeling
    • Identifying the Scope
    • Data-Flow Diagramming
    • Swim-Lane Diagramming
    • State Machines
    • Target Analysis
    • Identifying and Documenting Threats
    • Rating Threats
    • Mitigating Threats
  • Incremental Threat Modeling
  • Integrating Threat Modeling into the Software Development Lifecycle
“I appreciated the instructor's technique of writing live code examples rather than using fixed slide decks to present the material.”


Dive in and learn more

When transforming your workforce, it's important to have expert advice and tailored solutions. We can help. Tell us your unique needs and we'll explore ways to address them.

Let's chat

By filling out this form and clicking submit, you acknowledge our privacy policy.