Engineer for the future of Cloud
June 10-13, 2019
San Jose, CA

Hands-on threat modeling and tooling for DevSecOps (Day 2)

Location: Almaden Ballroom 2
Average rating: *****
(5.00, 7 ratings)

Who is this presentation for?

You're a DevOps engineer.

Level

Beginner

Prerequisite knowledge

Familiarity with microservices, cloud architectures, and AWS

What you'll learn

Improve reliability and security of delivered software

Description

Please refer to Day 1 of this training.

This action-packed 2-day threat modeling course is specifically for DevOps engineers to improve reliability and security of delivered software. Sebastien Deleersnyder teaches an iterative and incremental threat modeling method that is integrated with the development and deployment pipeline. Speed of delivery is crucial with shorter development cycles, increased deployment frequency, and more dependable releases, and Sebastien focuses on a risk-based unified threat modeling practice that is in close alignment with business objectives. He reviews tools and introduces threat modeling as code to integrate threat modeling in the CI/CD pipeline and covers threat modeling the CI/CD pipeline itself.

Sebastien bases the training material and hands-on workshops on real-life use cases from his experience. You'll be challenged to perform practical threat modeling in squads of three to four people, covering the different stages of threat modeling on an incremental business-driven CI/CD scenario:

  • Sprint 1: Modeling a hotel booking web and mobile application, sharing the same REST backend
  • Sprint 2: Threat identification as part of migrating the booking system application to AWS
  • Sprint 3: AWS threat mitigations for the booking system built on microservices
  • Sprint 4: Building an attack library for CI/CD pipelines

Handouts, templates, and lab challenges will be made available before the training.