Whether a historically grown monolith or the latest application with MACH architecture, all applications are exposed to individual threats specific to them. This means that there can be no standard source or reference list that describes relevant threat scenarios to the team. Instead, the team must address its own security posture at two different levels: Threats detected at the conceptual level affect the architecture and design of the application, while threats at the implementation level originate in the code.
Threat Modeling describes a regular process to identify threats on the conceptual level and to gather evidence for those on the implementation level.
This seminar focuses on different methods of threat modeling. Classics such as Microsoft’s STRIDE approach will be evaluated alongside lesser known methods such as PASTA and Attack Trees. The main features are illustrated by means of a typical example application, which is based on architectures regularly encountered in everyday consulting work. Experiences regarding zero-trust or serverless architectures will be shared and compared to on-premises trust-boundary scenarios.
In addition to the methods, experiences with relevant threat modeling tools such as OWASP Threat Dragon and Microsoft Threat Modeling Tool are presented. Advice is given on integrating threat modeling into development processes.
Learning Objectives
After the seminar the participants will be able to
- create a basic threat model of an application they are familiar with and
- assess the value and limitations of threat models.
Target audience
- Decision makers
- Project managers
- Software architect
- Software developer
- Security Officers
Duration
2 hours to one day
Prerequisites
none
Trainer
![]() |
Dr. Bastian Braun Security consultant in many software projects |
![]() |
Björn Kirschner Experienced penetration tester and IT security consultant |
![]() |
Dr. Benjamin Kellermann Experienced penetration tester and IT security consultant |
Our training courses are aimed at companies and organisations. A training course can be economical with just three or more participants. The trainings take place at your premises or is organised by us in your desired environment.
You might also be interested in these trainings:
ALL TRAININGS
Ihr Ansprechpartner:
Dr.-Ing. Benjamin Kellermann
Nehmen Sie Kontakt per Email auf.
Oder rufen Sie uns an oder nutzen Sie unser Kontaktformular.