Threat Modeling

Threat Modeling

or Whiteboard Hacking training

Hands-on training

Our threat modeling courses are aimed at software developers, architects, system managers, and security professionals. We organise our trainings in-house on-demand, in open sessions, at conferences and now also online.

Threat modeling is the way to avoid risks in your applications upfront. Without threat modeling your protection is a shot in the dark and you will only know your vulnerabilities once someone exploits them.

Threat modeling consists of workshops where you examine an application or system together with business and IT owners. You draw diagrams in order to detect security problems based on credible attack vectors.

We follow the STRIDE methodology as developed by Adam Shostack and have developed a practical training course to turn YOU into a great threat modeler.

TMI newsletter

Our monthly “Threat Modeling Insider” (TMI) newsletter brings a combination of guest articles, white papers, curated articles and tips on threat modeling to your inbox. It will bootstrap and elevate your security knowledge and threat modeling skills.

Previous editions include guest content from Adam Shostack, Bruce Schneier and Geoff Hill, and practical tips such as which diagramming tools to use.

What you will learn

In this 2-day threat modeling course, our experienced trainer will teach you how to use threat modeling in your current development practice.

You will learn the basics of threat modeling and to understand what you are building, how to identify threats using the STRIDE method and how to address each threat. Comprehensive training material and hands-on workshops with real-world use cases will guide you through all aspects of threat modeling.

If you’ve followed this initial course and are hungry for more, we have an advanced threat modeling training available for you.

The extras

This course is all about getting you started with Whiteboard hacking or threat modeling as soon – and as effectively – as possible. We make your journey more convenient, with some interesting extras:

  • our Whiteboard Hacking survival guide
  • hand-outs of the presentations
  • worksheets and detailed solution descriptions of the use cases
  • templates, one to document a threat model and one to calculate risk levels of identified threats
  • certification for successful completion of the course
TM done right

Stop shooting in the dark

Threat modeling – also called Architectural Risk Analysis – is an essential step in the development of your application. Without it, your protection is a shot in the dark.  Download our whitepaper and discover how to do threat modeling right.

This is what others said :

“Sebastien delivered! One of the best workshop instructors I’ve ever had.”

“Very nice training course, one of the best I ever attended.”

“I feel that this course is one of the most important courses to be taken by a security professional.”

“The group hands-on practical exercises truly helped.”

“Toreon’s comprehensive Threat Modeling training has enabled several Trend Micro R&D teams to identify software security risks at the design phase with a structured approach. ”

“Modern, comprehensive threat modeling techniques”

Where to find threat modeling open training sessions?

  • Online: Whiteboard Hacking a.k.a. Hands-on Threat Modeling hosted by Toreon CEST (May 26, 2020)
  • Online: Whiteboard Hacking a.k.a. Hands-on Threat Modeling hosted by Toreon  11 pm EDT (May 28, 2020)
  • Advanced Whiteboard Hacking a.k.a. Hands-on Threat Modeling at 44CON, London, UK (4-5 June, 2020)
  • Advanced Whiteboard Hacking a.k.a. Hands-on Threat Modeling at Black Hat USA, Las Vegas (1st session on 1-2 August, 2020)
  • Advanced Whiteboard Hacking a.k.a. Hands-on Threat Modeling at Black Hat USA, Las Vegas (2nd session on 3-4 August, 2020)
  • Advanced Whiteboard Hacking a.k.a. Hands-on Threat Modeling at HITB, Singapore (27-28 Aug, 2020)
  • Advanced Whiteboard Hacking a.k.a. Hands-on Threat Modeling hosted by Cqure, Netherlands (6-7 Oct, 2020)
  • Hands-On Threat Modeling and Tooling for DevSecOps at the Craft conference, Budapest, Hungary (14-Oct, 2020)

OOPS you missed these trainings

  • OWASP Virtual AppSec Days April
  • Sec4Dev 2020, Vienna, Austria;
  • 44CON Dec-2019, London, UK;
  • IT Security Summit 2019, Berlin, Germany;
  • OWASP AppSec Day 2019, Melbourne, Australia;
  • CS3STHLM 2019, Stockholm, Sweden;
  • OWASP Global AppSec Amsterdam 2019;
  • Black Hat 2019 Las Vegas, USA;
  • O’Reilly Velocity 2019, San Jose, USA;
  • OWASP Global AppSec 2019, Tel Aviv, Israel;
  • SecAppDev 2019, Leuven, Belgium;
  • BlackHat Europe 2018, London,UK;
  • BruCON 2018 in Ghent, Belgium;
  • Black Hat 2018 Las Vegas, USA;
  • O’Reilly conference 2017, NY, USA;
  • Black Hat USA 2017 in Las Vegas, USA;
  • OWASP AppSec Europe 2017 in Belfast, Northern Ireland.

Read a blog about Threat Modeling

TMI newsletter 9 How often do living documents need to breathe?

You might have heard of threat modeling as a structured activity for identifying and managing application threats. And that’s exactly…

FDA recommends Threat Modeling as Cybersecurity Risk Assessment methodology

We’ve created a whitepaper, in collaboration with experts from the medical device community, to highlight how Threat Modeling can be…

Threat modeling in 4 steps

Threat modeling is performed through a series of workshops. Architects, developers and system administrators are guided through the threat modeling…

© 2020 door Toreon | Algemene voorwaarden | Cookie policy

Start typing and press Enter to search

Shopping Cart
Copy link
Powered by Social Snap