Course APP204C
Description
This course presents threat modelling as a fundamental approach to building secure software systems. It covers techniques such as DFDs to map system components and examines how to apply STRIDE and DREAD to detect and rank potential threats. Participants will assess mitigation measures and leverage tools to support their analysis. The course also explores integrating threat modelling into DevSecOps workflows and applying these practices in real-world contexts.
Objectives
- Explain the foundational principles of threat modelling for secure software development
- Document system components using dataflow diagrams (DFDs)
- Analyze common threat models and their application to various software architectures
- Apply the STRIDE and DREAD methodologies to identify and prioritize threats
- Conduct post-modelling evaluations to validate the effectiveness of threat mitigations
- Integrate threat modelling practices into the DevSecOps pipeline
Target audience
Project managers, business analysts, testers, and software developers.
Prerequisite(s)
Participants must successfully complete course APP203C - Security Controls in Software prior to attending this course.