TMP - Threat Modelling Professional
Learn how to start threat modeling applications without being held off by paperwork. In this course we will introduce the concept of threat modelling for web, cloud and mobile applications.
This is a full 8 hours hands-on course where you will learn the practical fundamentals of threat modelling and how to apply it as part of the SSDLC. Learn how to use STRIDE, MITRE ATT&CK, and OWASP standards to identify threats in your applications.

- Interest in security
- Security Engineers
- Security Champions
- DevOps
- Developers
- Cloud Engineers / Operations
- Product Owners
Threat modeling is one of the most important activities in secure software development. This course is designed to give students a practical understanding of Threat Modeling, through whiteboard exercises, real case scenarios, tools, and techniques available in the security industry. The course is project-oriented. Students will go over hands-on labs together with the trainer and solve some of the challenges presented. During the course, other concepts like Secure Coding Principles, Security Requirements, Agile Threat Modelling, Threat Modelling as Code, and Cloud Security will be introduced. This is to ensure that students have a complete overview of the differences and the output of each phase.
Module | Topic | Time |
---|---|---|
Secure Software Development Lifecycle | | |
| From SDLC to SSDLC (shift left) | |
| OWASP Top 10 2021 introduction | |
| Design Review, Threat Model and secure CI/CD pipeline introduction | |
| DevOps to DevSecOps: how to | |
Secure design | | |
| Secure Design principles | |
| OWASP ASVS V4 | |