Hands-on Threat Modeling and Tooling for DevSecOps

Based on our OWASP, O’Reilly and Black Hat training experience, we developed an action-packed 8 hour online Threat Modeling workshop specifically for DevOps Engineers to improve reliability and security of delivered software. We will teach an iterative and incremental threat modeling method that is integrated in the development and deployment pipeline.

  • Jun 16
    Online
    2 days
    12:00 - 16:00 UTC
    Seba Deleersnyder
    900 USD

As speed of delivery is crucial with shorter development cycles, increased deployment frequency, and more dependable releases we focus on a risk-based unified threat modeling practice that is in close alignment with business objectives.

The training material and hands-on workshops with real life use cases are provided by Toreon. The students will be challenged to perform practical threat modeling covering the different stages of threat modeling. Exercises are built upon a fictional Acme Hotel Booking (AHB) system, where we migrate a legacy client-server system towards a cloud based, micro service stack using AWS services:

  • Sprint 1: Modeling a hotel booking web and mobile application, sharing a REST backend
  • Sprint 2: Threat identification as part of migrating the booking system application to AWS
  • Sprint 3: AWS threat mitigations for the booking system build on microservices
  • Sprint 4: Building an attack library for CI/CD pipelines

After each hands-on workshop, the results are discussed, and students receive a documented solution.

The workshop will be delivered in two 4-hour sessions:
16 June 14h-18h CEST (8am - 12am EST)
17 June 14h-18h CEST (8am- 12am EST)

Seba Deleersnyder
CEO, Toreon
    NDC Conferences uses cookies to see how you use our website. We also have embeds from YouTube and Vimeo. How do you feel about that?