# TMP - Threat Modelling Professional This is a full 8 hours hands-on course where you will learn the practical fundamentals of threat modelling and how to apply it as part of the SSDLC. Learn how to use STRIDE, MITRE ATT\&CK, and OWASP standards to identify threats in your applications. ![](/files/750PXA8K9gHavz0Gz8Vm) ## Prerequisites * Interest in security ## Target audience * Security Engineers * Security Champions * DevOps * Developers * Cloud Engineers / Operations * Product Owners ## Abstract Threat modeling is one of the most important activities in secure software development. This course is designed to give students a practical understanding of Threat Modeling, through whiteboard exercises, real case scenarios, tools, and techniques available in the security industry. The course is project-oriented. Students will go over hands-on labs together with the trainer and solve some of the challenges presented. During the course, other concepts like Secure Coding Principles, Security Requirements, Agile Threat Modelling, Threat Modelling as Code, and Cloud Security will be introduced. This is to ensure that students have a complete overview of the differences and the output of each phase. ## Syllabus
ModuleTopicTime
Secure Software Development Lifecycle
From SDLC to SSDLC (shift left)
OWASP Top 10 2021 introduction
Design Review, Threat Model and secure CI/CD pipeline introduction
DevOps to DevSecOps: how to
Secure design
Secure Design principles
OWASP ASVS V4
From user cases to abuse cases
From abuse cases to security requirements
LAB: OWASP SKF introduction
Practical Threat Modelling
The STRIDE framework: what is it and how to use it
Threat rating methodologies (CVSS , DREAD)
Threat actor centric modeling Approach (MITRE ATT&CK)
LAB: Whiteboard exercise
Web application threat model
Cloud Threat Modelling
Differences between Cloud and Web Threat Modelling
The Egregious Eleven (CSA)
Tesla in depth practical example
Cloud Security Requirements
CSA Cloud Control Matrix: How to use it
STRIDE and the Egregious Eleven for Cloud environments
AWS Threat Modelling
LAB: Whiteboard exercise
Cloud Security Threat Modelling
Mobile Threat Model
OWASP MASVS
Top Threats in Mobile applications: OWASP Top 10
STRIDE for Mobile applications
LAB: Whiteboard exercise
Android Application Threat Model
Agile Threat Model
Threat Model for DevSecOps
Rapid and Continuous Threat Modelling Assessment: microservices
LAB: Hands-onThreat Model as Code

Automate your remediation tests: BDD testing


LAB: Hands-onBuild your first BBD test in Cucumber
Tools and technologies
Documentation
How to store threats, issues and remediations
Confluence and JIRA
## Why should you attend this course? This course will teach how to start securing application and cloud infrastructure as early as possible, giving you the knowledge and the tools required to perform Threat Model exercises with your team. {% hint style="info" %} ### More info? Contact us at {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://1337.dcodx.com/trainings/tmp-threat-modelling-professional.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.