What's the topic?

Hands-on Threat Modeling and Tooling for DevSecOps

Training overview:

Threat modeling is the primary security analysis task performed during the software design stage. Threat modeling is a structured activity for identifying and evaluating application threats and vulnerabilities. The security objectives, threats, and attacks modeling activities during the threat modeling are designed to help you find vulnerabilities in your application and the supporting architecture. You can use the identified vulnerabilities to help shape your design and direct and scope your security testing. For this training, we will teach an iterative and incremental threat modeling method that is integrated in the development and deployment pipeline.

Threat modeling allows you to consider, identify, and discuss the security implications of user stories in the context of their planned operational environment and in a structured fashion. It also allows consideration of security issues at the component or application level. In this bootcamp you will learn how to perform threat modeling through a series of workshops, where our trainer will guide you through the different stages of a practical threat model based on an AWS and microservices migration from a classical web application.

Target group: DevOps Engineers

Participant requirements: Participants should be familiar with basic knowledge of microservices, cloud architectures and AWS.

Training content:

Threat modeling introduction

  • Threat modeling in DevOps
  • What is threat modeling?
  • Why perform threat modeling?
  • Threat modeling stages
  • Diagrams
  • Identify threats
  • Addressing threats
  • Increment a threat model

Diagrams – what are you building?

  • Understanding context
  • Doomsday scenarios
  • Data flow diagrams
  • Trust Boundaries
  • Hands-on: diagram B2B web and mobile applications, sharing the same REST backend

Identifying threats – what can go wrong?

  • STRIDE introduction
  • Spoofing threats
  • Tampering threats
  • Repudiation threats
  • Information disclosure threats
  • Denial of service threats
  • Elevation of privilege threats
  • Attack trees
  • Hands-on: Threat identification as part of migrating the booking system application to AWS

Addressing each threat

  • Cloud Service Provider mitigation patterns
  • Microservices mitigation patterns
  • Authentication: mitigating spoofing
  • Integrity: mitigating tampering
  • Non-repudiation: mitigating repudiation
  • Confidentiality: mitigating information disclosure
  • Availability: mitigating denial of service
  • Authorization: mitigating elevation of privilege
  • Hands-on: AWS threat mitigations for the booking system build on microservices

Practical threat modeling as part of the DevOps pipeline

  • Typical steps
  • Inception threat modeling
  • Effective threat model workshops
  • Communicating threat models
  • Updating threat models
  • Integrating threat modeling as part of sprint planning
  • Threat modeling examples and scenarios for a Three Amigos meeting

Attack libraries

  • Attack libraries
  • CAPEC
  • OWASP Top 10
  • Other lists
  • Create your own checklist
  • Hands-on: Building an attack library for CI/CD pipelines

Threat modeling resources

  • Open-Source tools
  • Commercial tools
  • General tools
  • Threat modeling tools as part of the DevOps toolchain

Threat Modeling – Real-Life Use Cases

As highly skilled professionals with years of experience under our belts we know that there is a gap between academic knowledge of threat modeling and the real world.

In order to minimize that gap we have developed practical Use Cases, based on real life projects. Each use case includes a description of the environment, together with questions and templates to build and iteratively improve a threat model. Using this methodology for the hands-on workshops we provide the participants with a robust training experience and the templates to incorporate threat modeling best practices in their daily DevOps work.

The participants will be challenged to perform practical threat modeling in squads of 3 to 4 people covering the different stages of threat modeling on an incremental business driven CI/CD scenario:

  • Sprint 1: Modeling a hotel booking web and mobile application, sharing the same REST backend
  • Sprint 2: Threat identification as part of migrating the booking system application to AWS
  • Sprint 3: AWS threat mitigations for the booking system build on microservices
  • Sprint 4: Building an attack library for CI/CD pipelines

After each hands-on workshop, the results are discussed, and the students receive a documented solution.

Further information:

Participant package: The course students receive the following package as part of the course:

  • Hand-outs of the presentations
  • Work sheets of the use cases
  • Detailed solution descriptions of the use cases
  • Template threat model
  • Template to calculate risk levels of identified threats
  • Receive certificate

Hardware requirements: Participants should bring their own laptop or tablet to read and use the training handouts and exercise descriptions. No further requirements.

Maximum number of participants: 25