Course APP204C
Description
This course provides a thorough examination of the fundamental principles and practices of threat modelling in a DevSecOps context. It is tailored for participants aiming to establish a strong foundation in threat modelling. It covers a broad spectrum of topics essential for understanding and managing security risks. Participants will acquire the knowledge and skills needed to identify, document, and mitigate potential threats, while also learning how to seamlessly integrate these practices into the DevSecOps pipeline for ongoing security enhancement.
Objectives
Upon successful completion of this course, the participants will be able to:
- understand the foundational principles of threat modelling for secure software development
- document system components using dataflow diagrams (DFDs), unified modelling language (UML), and other modelling techniques for threat analysis
- analyze common threat models and their application to various software architectures
- apply the STRIDE and DREAD methodologies to identify and prioritize threats
- conduct post-modelling evaluations to validate the effectiveness of threat mitigations
- use key resources and tools to support comprehensive threat modelling efforts
- integrate threat modelling practices into the DevSecOps pipeline for continuous security
- apply threat modelling techniques
Target audience
The target audience includes project managers, business analysts, testers, and software developers from the GC and the Learning Hub’s eligible partners.
Prerequisites
Participants must successfully complete e-learning course APP103S – Introduction to DevSecOps prior to attending this course.