Whiteboard Hacking aka Hands-on Threat Modeling (2 of 2 days)

Presented at AppSec USA 2017, Sept. 20, 2017, 9 a.m. (480 minutes)

Toreon proposes a 2-day, trainer-led, on-site Threat Modeling course. The training material and hands-on workshops with real live use cases are provided by Toreon. The students will be challenged to perform practical threat modeling in groups of 3 to 4 people, covering the different stages of threat modeling on:

  • A hotel booking web and mobile application, sharing the same REST backend
  • An Internet of Things (IoT) deployment with an on-premise gateway and secure update service
  • An HR services OAuth scenario for mobile and web applications

This edition also introduces a new section on privacy threats and privacy by design, including a hands-on privacy impact assessment of a face recognition system in an airport. Each student will receive a hard copy of the book Threat Modeling: Designing for Security by Adam Shostack (2014, Wiley).

This training was delivered successfully at OWASP Europe 2016 and has been selected for OWASP Europe 2017 and Blackhat USA 2017. More details and the outline of the training are available in the attached syllabus.

Presenters:

  • Steven Wierckx - Consultant - Toreon
    Steven Wierckx is an application security expert and trainer at Toreon.com. He is also the project leader for the OWASP threat model project. Steven is a software and security tester with 15 years of experience in programming, training, security testing, source code review, test automation, functional and technical analysis, development and database design. Steven has a passion for web application security. He is an instructor for several secure coding, mobile app testing and threat modeling courses.
