Course Duration
2 Days

Cyber
Authorized Training

IT

Course cost:
£2,355.00

IT Certification Overview

Threat modeling is the primary security analysis task performed during the software design stage. Threat modeling is a structured activity for identifying and evaluating application threats and vulnerabilities. The security objectives, threats, and attacks modeling activities during the threat modeling are designed to help you find vulnerabilities in your application and the supporting architecture. You can use the identified vulnerabilities to help shape your design and direct and scope your security testing.

Threat modeling allows you to consider, document, and discuss the security implications of designs in the context of their planned operational environment and in a structured fashion. It also allows consideration of security issues at the component or application level. The threat modeling course will teach you to perform threat modeling through a series of workshops, where our trainer will guide you through the different stages of a practical threat model.

Book Now

Newto Training Reviews

What Our Happy Alumni Say About Us

Trustpilot
Chris Ellis

I had absolutely no experience in this field, but Newto Training recognised my potential and supported me every step of the way. The real-life scenarios were invaluable in making me job-ready.

William Thompson
Chloe Bennett

The tutors at Newto are consistently patient, clear and more than willing to help. I couldn't have asked for a better learning environment.

Emily Smith
Valdi Abolins

From day one I felt welcomed and supported. The live sessions were interactive and the resources well thought-out. I passed my exam on the first attempt thanks to them.

Valdi Abolins
Almansur A O

I was nervous about switching careers but the practical approach and continual 1-to-1 support gave me the confidence I needed to succeed."

John Wilson
Mr Stephen Kafuko

The training material was excellent, and the instructors really brought the subject to life with hands-on lab work. I feel fully prepared for the workplace."

Matthew Jackson
Maryam Farooq

What impressed me most was the flexibility and responsiveness of the support team. Whenever I had a question, they were there even outside of normal hours.

Noorah Rahman
Olivia Hughes

The course structure was superb. A great mix of theory and practice delivered at a pace that made sense even for beginners. Highly recommended.

Grace Miller
Sophia Clarke

Switching into IT felt overwhelming, but Newto Training made the journey manageable and quite enjoyable. Their coaching style is top class.

Sophie Taylor
Alison Whitfield

I particularly appreciated the way complex topics were broken down into manageable chunks, and the tutor actively encouraged questions at every stage.

Charlotte Brown
Mehzabin K

The live-taught interactive classes set Newto apart from other providers. It wasn't just video-based learning and the real engagement made all the difference.

Amira Khalid
Abhishek Singh

The cyber course exceeded my expectations. They've been on hand for everything and are constantly in touch with me

Marcus Robinson

The resources provided were spot on and the teaching style made everything easy to understand. I particularly appreciated the extra help offered when needed.

Imani Brown
Ouisall

Enrolling with Newto was one of the best decisions I've made. The job-readiness focus, strong teaching and excellent support all stood out.

Ouisall Davis
Sapas

I completed my SQL course and now feel confident in my skills. The real-world examples and supportive tutors made it all click.

Abhishek Singh

I've just passed my AZ-900 exam thanks to the support received from Ken in the boot camp and his exam preparation sessions.

Rishi Gupta

I've gained a qualification and the confidence to use it in real-world scenarios.

Mei Chen

Their commitment to student success is obvious from the personalised guidance to the quality of delivery. I'd recommend them without hesitation.

Aarav Sharma

Every tutor I encountered was professional, encouraging and keen to see me succeed. That personal touch made a big difference.

Marcus Johnson

I'm now in a role I once thought was out of reach, thank you to the all the team

Ananya Singh

The bootcamps were excellent, we were given practical projects to complete and I feel so much more confident with my coding skills

Ethan Walker
Chris Ellis

I had absolutely no experience in this field, but Newto Training recognised my potential and supported me every step of the way. The real-life scenarios were invaluable in making me job-ready.

William Thompson
Chloe Bennett

The tutors at Newto are consistently patient, clear and more than willing to help. I couldn't have asked for a better learning environment.

Emily Smith
Valdi Abolins

From day one I felt welcomed and supported. The live sessions were interactive and the resources well thought-out. I passed my exam on the first attempt thanks to them.

Valdi Abolins
Almansur A O

I was nervous about switching careers but the practical approach and continual 1-to-1 support gave me the confidence I needed to succeed."

John Wilson
Mr Stephen Kafuko

The training material was excellent, and the instructors really brought the subject to life with hands-on lab work. I feel fully prepared for the workplace."

Matthew Jackson
Maryam Farooq

What impressed me most was the flexibility and responsiveness of the support team. Whenever I had a question, they were there even outside of normal hours.

Noorah Rahman
Olivia Hughes

The course structure was superb. A great mix of theory and practice delivered at a pace that made sense even for beginners. Highly recommended.

Grace Miller
Sophia Clarke

Switching into IT felt overwhelming, but Newto Training made the journey manageable and quite enjoyable. Their coaching style is top class.

Sophie Taylor
Alison Whitfield

I particularly appreciated the way complex topics were broken down into manageable chunks, and the tutor actively encouraged questions at every stage.

Charlotte Brown
Mehzabin K

The live-taught interactive classes set Newto apart from other providers. It wasn't just video-based learning and the real engagement made all the difference.

Amira Khalid
Chris Ellis

I had absolutely no experience in this field, but Newto Training recognised my potential and supported me every step of the way. The real-life scenarios were invaluable in making me job-ready.

William Thompson
Chloe Bennett

The tutors at Newto are consistently patient, clear and more than willing to help. I couldn't have asked for a better learning environment.

Emily Smith
Valdi Abolins

From day one I felt welcomed and supported. The live sessions were interactive and the resources well thought-out. I passed my exam on the first attempt thanks to them.

Valdi Abolins
Almansur A O

I was nervous about switching careers but the practical approach and continual 1-to-1 support gave me the confidence I needed to succeed."

John Wilson
Mr Stephen Kafuko

The training material was excellent, and the instructors really brought the subject to life with hands-on lab work. I feel fully prepared for the workplace."

Matthew Jackson
Maryam Farooq

What impressed me most was the flexibility and responsiveness of the support team. Whenever I had a question, they were there even outside of normal hours.

Noorah Rahman
Olivia Hughes

The course structure was superb. A great mix of theory and practice delivered at a pace that made sense even for beginners. Highly recommended.

Grace Miller
Sophia Clarke

Switching into IT felt overwhelming, but Newto Training made the journey manageable and quite enjoyable. Their coaching style is top class.

Sophie Taylor
Alison Whitfield

I particularly appreciated the way complex topics were broken down into manageable chunks, and the tutor actively encouraged questions at every stage.

Charlotte Brown
Mehzabin K

The live-taught interactive classes set Newto apart from other providers. It wasn't just video-based learning and the real engagement made all the difference.

Amira Khalid
Abhishek Singh

The cyber course exceeded my expectations. They've been on hand for everything and are constantly in touch with me

Marcus Robinson

The resources provided were spot on and the teaching style made everything easy to understand. I particularly appreciated the extra help offered when needed.

Imani Brown
Ouisall

Enrolling with Newto was one of the best decisions I've made. The job-readiness focus, strong teaching and excellent support all stood out.

Ouisall Davis
Sapas

I completed my SQL course and now feel confident in my skills. The real-world examples and supportive tutors made it all click.

Abhishek Singh

I've just passed my AZ-900 exam thanks to the support received from Ken in the boot camp and his exam preparation sessions.

Rishi Gupta

I've gained a qualification and the confidence to use it in real-world scenarios.

Mei Chen

Their commitment to student success is obvious from the personalised guidance to the quality of delivery. I'd recommend them without hesitation.

Aarav Sharma

Every tutor I encountered was professional, encouraging and keen to see me succeed. That personal touch made a big difference.

Marcus Johnson

I'm now in a role I once thought was out of reach, thank you to the all the team

Ananya Singh

The bootcamps were excellent, we were given practical projects to complete and I feel so much more confident with my coding skills

Ethan Walker
Abhishek Singh

The cyber course exceeded my expectations. They've been on hand for everything and are constantly in touch with me

Marcus Robinson

The resources provided were spot on and the teaching style made everything easy to understand. I particularly appreciated the extra help offered when needed.

Imani Brown
Ouisall

Enrolling with Newto was one of the best decisions I've made. The job-readiness focus, strong teaching and excellent support all stood out.

Ouisall Davis
Sapas

I completed my SQL course and now feel confident in my skills. The real-world examples and supportive tutors made it all click.

Abhishek Singh

I've just passed my AZ-900 exam thanks to the support received from Ken in the boot camp and his exam preparation sessions.

Rishi Gupta

I've gained a qualification and the confidence to use it in real-world scenarios.

Mei Chen

Their commitment to student success is obvious from the personalised guidance to the quality of delivery. I'd recommend them without hesitation.

Aarav Sharma

Every tutor I encountered was professional, encouraging and keen to see me succeed. That personal touch made a big difference.

Marcus Johnson

I'm now in a role I once thought was out of reach, thank you to the all the team

Ananya Singh

The bootcamps were excellent, we were given practical projects to complete and I feel so much more confident with my coding skills

Ethan Walker

Prerequisites

None.

Target Audience

This course is aimed at software developers, architects, system managers or security professionals. Before attending this course, students should be familiar with basic knowledge of web and mobile Applications, databases & Single sign on (SSO) principles.

Learning Objectives

  • The why, what, how, and when of threat modelling
  • How to create and update a threat model
  • How to create an actionable threat model with your stakeholders
  • How to organise and prepare efficient threat modelling workshops
  • How to explain the methodology and need for threat modelling to others
  • Diagramming techniques, including Data Flow Diagramming
  • Threat identification techniques, including STRIDE and attack trees
  • How to carry out technical risk rating using the OWASP risk rating methodology
  • How to mitigate security and privacy threats with standard mitigations
  • The soft skills that will make you a better threat modeler

Whiteboard Hacking (AKA Hands-On Threat Modelling) Course Content

Threat modeling introduction

  • Threat modeling in a secure development lifecycle
  • What is threat modeling?
  • Why perform threat modeling?
  • Threat modeling stages
  • Different threat modeling methodologies
  • Document a threat model

Diagrams – what are you building?

  • Understanding context
  • Doomsday scenarios
  • Data flow diagrams
  • Trust boundaries
  • Sequence and state diagrams
  • Advanced diagrams
  • Hands-on: diagramming web and mobile applications, sharing the same REST backend

Identifying threats – what can go wrong?

  • STRIDE introduction
  • Spoofing threats
  • Tampering threats
  • Repudiation threats
  • Information disclosure threats
  • Denial of service threats
  • Elevation of privilege threats
  • Attack trees
  • Attack libraries
  • Hands-on: STRIDE analysis of an Internet of Things (IoT) gateway and cloud update service

Addressing each threat

  • Mitigation patterns
  • Authentication: mitigating spoofing
  • Integrity: mitigating tampering
  • Non-repudiation: mitigating repudiation
  • Confidentiality: mitigating information disclosure
  • Availability: mitigating denial of service
  • Authorization: mitigating elevation of privilege
  • Specialist mitigations
  • Hands-on: AWS threat mitigations for a travel booking system build on microservices

Threat modeling and compliance

  • How to marry threat modeling with compliance
  • GDPR and Privacy by design
  • Privacy threats
  • LINDUNN and Mitigating privacy threats
  • Threat modeling medical devices (FDA pre- and post-market guidance)
  • Threat modeling Industrial Control Systems (IEC 62443)
  • Threat Assessment and Remediation Analysis for automotive (TARA, SAE 21434)
  • Mapping threat modeling on compliance frameworks
  • Hands-on: privacy threat modeling of a face recognition system in an airport

Penetration testing based on offensive threat models

  • Create pentest cases for threat mitigation features
  • Pentest planning to exploit security design flaws
  • Vulnerabilities as input to plan and scope security testing
  • Prioritization of pentesting based on risk rating
  • Hands-on: get into the defender's head – modeling points of attack of a nuclear facility.

Advanced threat modeling

  • Typical steps and variations
  • Validation threat models
  • Effective threat model workshops
  • Communicating threat models
  • Agile and DevOps threat modeling
  • Improving your practice with the Threat Modeling Playbook
  • Scaling up threat modeling
  • Threat modeling and compliance: ISO14971 (medical devices), IEC 62443 (industrial cybersecurity), SAE 21434 (automotive)
  • Threat models examples: medical devices, automotive, industrial control systems, IoT and Cloud

Threat modeling resources

  • Open-Source tools
  • Commercial tools
  • General tools
  • Threat modeling tools compared
  • Battle for control over 'Zwarte Wind', an offshore wind turbine park

Examination

  • Hands-on examination
  • Grading and certification

Student package

Your bonus training package includes:

  • Following a successful exam (passing grade defined at 70%): Threat Modeling Practitioner certificate
  • One year of access to our threat modeling e-learning platform
  • Presentation handouts
  • Tailored use case worksheets
  • Detailed use case solution descriptions
  • Threat model documentation template
  • Template for calculating identified threat risk severity
  • Threat modeling playbook
  • STRIDE mapped on compliance standards

Upcoming Dates

Dates and locations are available on request. Please contact us for the latest schedule.

Advance Your Career with Whiteboard Hacking (AKA Hands-On Threat Modelling)

Gain the skills you need to succeed. Enrol in Whiteboard Hacking (AKA Hands-On Threat Modelling) with Newto Training today.

Call us today WhatsApp Us
Easter Sale 1st April - 10th April
UP TO 80% OFF
Sale ends in
00Days
00Hours
00Mins
00Secs
Claim Discount