Nullcon Training event

We are looking forward to this, via @Nullcon

Event: Nullcon Online Training March - 2021
Dates: 01 to 04 March 2021
Timing: 10.00 AM to 2.00 PM IST

Overview

The learning path covers why we need to do security architectural and design analysis & threat modelling as part of our secure software development lifecycle. This is even more important today, with high-volume code turnarounds which can create a huge amount of system dependencies in a short period of time.

Course Content

Will start with the introduction to threat analysis using the attack kill-chain, defense-in-depth, and security framework integration (STRIDE, OWASP Top 10). There will be several small labs during the session. It will also cover the basics of a threat model exercise. we will explore the elements of a threat model and how to research & discover them.

We will understand:

  • Security threat frameworks
  • Attack Kill Chain
  • Att&ck matrix (from Mitre)
  • Defense-In-Depth model
  • Open Systems Interconnectivity model (OSI)
  • STRIDE
  • OWASP Top 10 (OT10)
  • Common Weakness Enumeration (CWE)
  • Relations between threat frameworks
  • Attack Kill Chain to STRIDE
  • Attack Kill Chain to Att&ck
  • Defense-In-Depth to OSI
  • STRIDE to OT10
  • Threat model elements
  • How stakeholders link to assets and security risk
  • How threats and threat agents link to vulnerabilities and mitigations
  • How to quantify threat agents for critical software systems

And you’ll be able to:

  • Use the threat frameworks to assess threats
  • Use the relationship between frameworks to speed up threat discovery
  • Use the relationship between frameworks to build faster mitigation plans
  • Assess the danger of classes of threat agents
  • Use different types of threat modeling based on time available and criticality

Then we will start by going over the approach to threat modeling in real-world scenarios. The Rapid Threat Model Prototyping (RTMP) methodology will then get introduced, framed by secure Agile Architecture practices. It will finish with a big lab that combines all the concepts from the start.

We will understand:

  • Threat model steps
  • When to do different types of threat models
  • How to identify access control dangers in threat model data flows
  • How Business strategies drive strategic architecture decisions
  • Strategic and tactical Agile secure architecture principles/li>
  • Rapid Threat Model Prototyping and how it works in DevOps

And you’ll be able to:

  • Derive strategic secure architectural requirements from business requirements
  • Integrate threat model steps into an Agile workflow
  • Create good fidelity threat models faster and within Agile sprints

Who Should Attend

This training is for you because

  • You’re an architect, developer, tester, security specialist
  • You work with modern software development
  • You want to become a security architect or SME

Prerequisites

Threat Modelling | Geoff Hill | Nullcon Online Training and Conference - March 2021
The learning path covers why we need to do security architectural and design analysis & threat modelling as part of our secure software development lifecycle.