SINCON 2021 Training — Advanced Security Design: Threat Modeling Masterclass
by Avi Douglen (AviD), Bounce Security
So, you’ve decided your products need better security? Now, you need to improve your development workflow and start introducing security into your software design activities. But with a focus on quick delivery, your team doesn't have much bandwidth to discuss quality or security, let alone integrate heavyweight security activities into the development workflow...
Threat Modeling, a structured methodology for security analysis of complex systems, can help you effectively identify and prioritise potential threats and attack vectors, and understand the appropriate mitigations. This can also build customer confidence. Still, comprehensive methodologies are often difficult to integrate into your workflow, so we also introduce a more lightweight "value-driven" approach for security-minded developers.
As a professional developer, you want to contribute to your product's security, and take ownership of the security features in your products. You want to build on secure architectures, but likely don’t have unlimited time. With training and tangible experience, you could independently threat model your applications and design a more secure architecture, easing the load off your security team, and creating deeper integration and a higher level of security than enforcing it externally.
Our Threat Modeling Masterclass will kickstart your security design efforts, teach your developers the skills required to build their own threat models for your products, and train with hands-on experience so that you are confident to continue designing secure products using threat modeling. Experienced security professionals will get more insight into developer workflows, gain skills to provide your teams with the artifacts they need to implement a secure design, and even empower developers to design a more secure architecture themselves, easing the load off you.
Upon completion of this training, attendees will know:
What threat modeling is, and why you need it.
How to threat model your application.
Strategies to integrate threat modeling in their own agile development workflow.
Date: 25-27 Oct 2021 (Mon-Wed)
Time: The course will be held over 3 afternoons (SGT, GMT+8)
Venue: This course will be conducted live online
Super Early Bird (Sign up by 31 Jul 2021): $1,400 SGD (Limited to the first 4 seats)
Early Bird (Sign up by 31 Aug 2021): $1,600 SGD
Standard (Sign up by 30 Sep 2021): $2,000 SGD
Late: $2,600 SGD
A 20% bulk registration discount is available for organisations registering 3 or more students. Please contact us directly to receive this discount.
This interactive training will consist of a series of informational classes, presenting the methodology and techniques in an educational format. This will largely be based on popular methodologies such as STRIDE-per-element, attack trees, and our own proven "Value-Driven" approach for integrating lightweight threat modeling into an agile or CI/CD development workflow.
Combined with each session, we will break out into hands-on, collaborative exercises, where participants will be challenged to apply a technique or lead part of the process themselves. Participants will be provided with a variety of realistic example scenarios, from a modern e-commerce site, to a complex legacy enterprise system, to blockchain and IoT devices. Eventually, we will go through the whole threat modeling process for a selection of features or user stories, with participants taking turns leading parts of the session, and hands-on creation of different types of diagrams and other artefacts.
We will rotate through a variety of approaches and techniques, encouraging an open dialogue around the models to evoke insight and learn how to examine our assumptions. Participants will also gain experience with a range of formal vs. lightweight approaches, enabling them to select the most appropriate trade-off between depth and agility for each situation.
The course will cover the following topics, combined with both group exercises and hands-on challenges. Practice scenarios will be provided, based on real-life systems, for which students will build threat models.
Day 1: Fundamentals and Threats
Overview – The course will start with explaining the concept of Threat Modeling in general, as well as defining goals – and non-goals – for a successful threat modeling practice. We’ll also show an example of a completed threat model, to give students a clearer picture of what is possible.
Universal Principles – A common framework for building a threat modeling process, identifying valuable and useful patterns to follow (and anti-patterns to avoid).
Modeling Basics – This will cover the basic tools, diagrams (e.g. DFDs), concepts, and different approaches to threat modeling. Students will get comfortable drawing on a whiteboard (virtual or physical) in a collaborative manner, and understand how to draw an effective diagram. We’ll also cover some relevant projects, such as OWASP Threat Dragon.
Application Decomposition – How to diagram a system and dig into the correct details to flesh out the system’s story. We’ll examine several scenarios, and learn techniques to recognize our assumptions as well as tips for effective storytelling. Students will all practice building these diagrams, demonstrating the interactions, flows, and trust between components, and learn how to focus on the important aspects of a system or a feature.
Threat Identification – We will present several models to assist in discovering potential threats based on the diagrams, and especially the STRIDE classification framework. We’ll see some illustrative examples, as well as alternative models for specific use cases. Of course, everyone will practice applying STRIDE by element for each of the scenarios, and help each other brainstorm additional methods through open dialogue. By the end of this session, students will feel confident they can ask the right questions and determine applicable threats.
Day 2: Mitigation and Agile
Risk Rating – In this section, we will review the threats the class previously identified, and attempt to define an applicable risk level. Students will see several definitions of risk, and apply these based on the situational context gleaned from the previous phases.
Countermeasures – Based on the previously analyzed scenarios, the group will design mitigation strategies for each threat. We will discuss how to find the benefits, drawbacks, and alternatives. Students will learn effective shortcuts to finding standard solutions, and how to leverage existing bodies of knowledge such as ASVS and pattern libraries.
Retrospective – Here we’ll take a look at the models we’ve completed, and see how to analyze them for shortcomings. Students will receive guidance as to what signals to look for when reviewing a model.
Lightweight Approaches – As an alternative to a full-size STRIDE matrix, we will see various options for lightweight threat models, as well as their constraints, and how to integrate with modern development processes that emphasize velocity, such as agile, DevOps, and so on. We will practice expanding user stories for our scenarios using a "value-driven" approach and creating several new ones. Students will practice a variety of lightweight techniques, learn when to apply each, and see how to build a flexible process that incorporates the best techniques at the right time.
Full Process – As a culmination of all the techniques that were described during the course, students will be challenged to complete a full threat model for a (small) system, based on the different stages of threat modeling. We will compare results, and share ideas to improve for next time.
Some familiarity with the modern application development process. Some coding experience (any modern language) preferred, not required.
Product security teams, software architects, experienced software developers, and security champions, as well as security/pentesters that want to expand to securing software.
AVI DOUGLEN (AviD) is a prominent security architect and software developer, with decades of experience leading development teams in building secure products and protecting complex systems. His research interests are efficient security engineering, usable security, and scaling enterprise security systems. He is obsessed with maximizing value output from security efforts,
Now leading consulting at Bounce Security, Avi supports organizations of all sizes with incorporating security methodologies and products into their development workflows, often providing training on secure coding and other security topics. He is obsessed with integrating developers and security, and is relentless about optimizing security investment, and threat modeling in particular.
AviD is a frequent trainer and speaker at industry conferences, such as OWASP, RSA, BSides, and InfoSec, as well as developer conferences such as O’Reilly, DevSecCon, PyCon, and DevOpsDays. He has trained thousands of developers on security, including secure coding, security architecture, threat modeling, and more.
AviD currently serves on the Board of Advisors at Labs/02, a seed-stage incubator. He is a leader of the OWASP Israel chapter, created the popular AppSecIL security conference, and is co-founder and leader of the OWASP Threat Modeling Project. He also volunteers as a high school mentor, and as a community moderator on https://Security.StackExchange.com/. Recently, AviD co-authored the Threat Modeling Manifesto in order to further spread practical information and encourage more people to threat model.