OWASP AppSec Days Singapore 2024: Full Schedule

arrow_back View All Dates

9:00am GMT+08

1-Day Training: Threat Modelling: From none to done

Tuesday October 1, 2024 9:00am - 5:00pm GMT+08

This session offers participants an interactive introduction to application Threat Modelling and its use as a technique for identifying consequential ("Yes, and...") security requirements. A key focus of this course is applying Threat Modelling as a daily practice within your organization's software development processes, to improve the overall quality and security of the applications you build.

In addition to addressing key questions around the "Five Ws," the presentation will cover the instructor's "Seven Questions" approach (adapted from Adam Shostack's "Four Questions") to developing a model, and include several interactive exercises to provide direct experience.

We'll wrap up the day with a brief review of available modelling tools - including a hands-on look at a few free/freemium tools - along with a discussion of the opportunities and challenges for introducing Threat Modelling into your SDLC.

Speakers

John DiLeo

Application Security Lead, OWASP New Zealand

Dr. John DiLeo leads the OWASP New Zealand Chapter. In his day job, John is the Application Security Lead at Gallagher Security in Hamilton. Before joining Gallagher, John led the Application Security Services team at Datacom NZ, providing support and guidance to clients in launching... Read More →

Tuesday October 1, 2024 9:00am - 5:00pm GMT+08

Training

Audience Beginner