Threat Modeling

Course Description

Building secure software is hard, largely because application security is a vast domain, and it needs to compete for attention with other, more visible business requirements. Threat models are a way to chart that domain. They focus on the design of the application, revealing weaknesses in early stages and helping teams understand what to protect and how to do so. This insight enhances the effectiveness and cost-efficiency of subsequent security measures, such as code reviews and penetration tests.

The Threat Modeling course is a hands-on workshop where participants get to practice what they learn in the context of a case study. The workshop follows the Black Duck approach—the way our consultants do it—and provides insights into how to apply the skills learned with different methodologies.

Customers may choose from the following case studies, each with a different technological focus:

  • Enterprise
  • AI/ML
  • Embedded
  • Custom

Learning Objectives

At the end of this course, you will be able to:

  • Understand the importance of threat modeling in the software development life cycle
  • Describe and follow the steps of a threat model using the Black Duck approach as a reference
  • Perform the three core phases of the threat modeling process with hands-on labs: system modeling, attack modeling, and risk analysis

Delivery Format: 

  • Traditional Classroom
  • Virtual Classroom

Duration: 

  • 16 hours

Level: 

  • Advanced

Intended Audience

  • Developers
  • DevOps Engineers
  • Architects
  • QA Engineers
  • Security Practitioners
  • Managers