Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY

In-Person Training
Whiteboard hacking: Hands-on threat modeling

Steven Wierckx (Toreon)
Sunday, October 29 & Monday, October 30, 9:00am - 5:00pm
Tools and processes
Location: Gibson

Participants should plan to attend both days of this 2-day training course. Platinum and Training passes do not include access to tutorials on Monday.

Drawing on real-world use cases—including hotel booking web and mobile applications that share the same REST backend, an internet of things deployment with an on-premises gateway and secure update service, and an HR services OAuth scenario for mobile and web applications—Steven Wierckx walks you through performing practical threat modeling and discusses privacy threats and privacy by design.

What you'll learn, and how you can apply it

  • Learn how to perform effective threat modeling
  • Explore real-world use cases for practical threat modeling

This training is for you because...

  • You're a CISO, software architect, developer, or security professional who wants to gain a deeper understanding of threat modeling.

Prerequisites:

  • A basic understanding of IT security concepts

Hardware and/or installation requirements:

  • A laptop (useful but not required)

Drawing on real-world use cases—including hotel booking web and mobile applications that share the same REST backend, an internet of things deployment with an on-premises gateway and secure update service, and an HR services OAuth scenario for mobile and web applications—Steven Wierckx walks you through performing practical threat modeling. Along the way, Steven discusses privacy threats and privacy by design, through a hands-on privacy impact assessment of a face recognition system in an airport.

Participants will receive a hard copy of the book Threat Modeling: Designing for Security by Adam Shostack.

About your instructor

Steven Wierckx is a software and security tester with 20 years of experience in programming, security testing, source code review, test automation, functional and technical analysis, development, and database design. Steven shares his passion for web application security through writing and training on testing software for security problems, secure coding, security awareness, security testing, and threat modeling. He’s the project leader for the OWASP Threat Modeling Project and organizes the BruCON student CTF. He spoke at Hack in the Box Amsterdam, hosted workshops at BruCON and DevSecCon (UK) and delivered threat modeling training at OWASP AppSec USA, OWASP AppSec Israel, BruCON and O’Reilly Security New York.

Twitter: @ihackforfun

Conference registration

Get the Platinum pass or the Training pass to add this course to your package.