NZ$201.21

OWASP NZ Training - Wellington - Threat Modelling: From None to Done

Event Information

Location

RedShield House

79 Boulcott Street

Wellington, Wellington 6011

New Zealand

Event description

OWASP New Zealand Training Day - Wellington (24 October)

Training Class: Threat Modelling: From None to Done - John DiLeo

About this Event

The OWASP New Zealand Chapter is pleased to present our annual Training Days event. This year, we are offering classes in three cities - Dunedin, Auckland, and Wellington, on different Saturdays in October.

In Wellington, we are offering a class on Saturday, 24 October:

  • Threat Modelling: From None to Done - John DiLeo

Registration check-in will open at 8:00 a.m., and classes will run from 8:45 a.m. to 5:30 p.m., with breaks for lunch and morning and afternoon tea.

Registration is NZ $195.00 (plus Eventbrite fees).

A special thank-you to RedShield for providing the classroom space, and to Kirk Jackson for serving as our event host for the day.

Registration closes on Thursday, 22 October.

Threat Modelling: From None to Done

John DiLeo

Training Abstract:

This session offers participants an interactive introduction to Threat Modelling, based on the instructor's learning and experience over the past several years. A primary focus of this course is the introduction of threat modelling activities into your organisation's software development processes, to improve the overall quality and security of the applications you build.

As a recent "convert" to the application security world, your instructor has developed his "expertise" in threat modelling by gathering information from a variety of sources. He's combined those learnings with his own experience to create a practical threat modelling approach he has successfully applied within his professional roles.

In addition to addressing key questions around the "Five Ws," the presentation will cover the "Four Questions" approach to developing a model, and include several interactive exercises to provide direct experience. A brief review of available modelling tools will also be included, along with an approach to introducing Threat Modelling into your SDLC.

Objectives:

In this course, attendees can expect to:

  • Gain a better understanding of the motivations for, and benefits of, threat modelling
  • Learn the process for building a threat model, using the "four questions" approach
  • Learn how to introduce threat modelling into existing organisations, and into development projects working with "legacy" applications
  • Learn about available tools for creating and managing threat models
  • Learn about integrating threat modelling into the software development lifecycle

Topic Outline:

  • Introduction - Overview, and Initial Modelling Exercise
  • The Five Ws of Threat Modelling
  • Our Modelling Approach - Shostack's Four Questions
  • Identifying the Scope
  • Identifying Threats
  • Risk Management Overview
  • Identifying Mitigations
  • Selecting Mitigations
  • Verification and Validation
  • Getting Started - Incremental Threat Modelling
  • Tools for Creating Threat Models
  • Integration with the SDLC

About John

John is an active member and leader of several OWASP projects and global committees, including serving as co-leader of the OWASP Application Security Curriculum Project. He also serves as a co-leader of the OWASP New Zealand Chapter.

In his day job, John serves as an internal application security consultant at Air New Zealand.

Twitter: @gr4ybeard
