Hands-on Threat Modeling and Tooling for DevSecOps
Based on our OWASP, O’Reilly and Black Hat training experience, we developed an action-packed 8 hour online Threat Modeling workshop specifically for DevOps Engineers to improve reliability and security of delivered software. We will teach an iterative and incremental threat modeling method that is integrated in the development and deployment pipeline.
- Jun 16Online2 days12:00 - 16:00 UTCSeba Deleersnyder1 200 USD
As speed of delivery is crucial with shorter development cycles, increased deployment frequency, and more dependable releases we focus on a risk-based unified threat modeling practice that is in close alignment with business objectives.
The training material and hands-on workshops with real life use cases are provided by Toreon. The students will be challenged to perform practical threat modeling covering the different stages of threat modeling. Exercises are built upon a fictional Acme Hotel Booking (AHB) system, where we migrate a legacy client-server system towards a cloud based, micro service stack using AWS services:
- Sprint 1: Modeling a hotel booking web and mobile application, sharing a REST backend
- Sprint 2: Threat identification as part of migrating the booking system application to AWS
- Sprint 3: AWS threat mitigations for the booking system build on microservices
- Sprint 4: Building an attack library for CI/CD pipelines
After each hands-on workshop, the results are discussed, and students receive a documented solution.
The workshop will be delivered in two 4-hour sessions:
16 June 14h-18h CEST (8am - 12am EST)
17 June 14h-18h CEST (8am- 12am EST)