13:30 - 17:00
Music Hall 2
During this workshop we will give a crash course in threat modeling. Threat modeling is a structured activity for identifying and evaluating application threats and design flaws. You use the identified flaws to adapt your design, and scope your security testing. Threat modeling allows you to consider, identify, and discuss the security implications of user stories in a structured fashion, and in the context of their planned operational environment.
This threat modeling workshop will teach you to perform threat modeling through a series of exercises, where our trainer will guide you through the different stages of a practical threat model based on an AWS and microservices migration from a classical web application. At the end of the workshop we will create a complete threat model of a CI/CD pipeline.
This workshop is meant for security champions, application architects, developers and security people. Basic understanding of software development, microservice architecture and cloud platforms (AWS) is recommended. No previous threat model knowledge is needed.