Course Description
Implementing Threat Modeling with IriusRisk is a mini-course designed to equip you with the knowledge and skills to effectively implement threat modeling using IriusRisk, a powerful automated threat modeling tool. Throughout the course, participants will learn how to integrate threat modeling seamlessly into their work, enabling you to efficiently identify, mitigate, and track threats.
Target Audience
This course is suitable for software developers, operations including devops and SRE, security professionals including appsec and SOC analysts, QA engineers, and anyone involved in the software development or deployment lifecycle who seeks to enhance the security of their applications through effective threat modeling.
Prerequisites
Learners should have basic familiarity with security concepts. This mini-course is often used as an add-on to our other threat modeling training
Course Objectives
By the end of this mini-course, learners will gain the skills and confidence to implement threat modeling using IriusRisk. You'll learn to proactively identify and mitigate threats, ensuring the development of secure and resilient systems.
Specific Objectives:
- Understand what IriusRisk is and how it helps you by automating threat modeling.
- Navigate and use the IriusRisk platform effectively.
- Create diagrams, incorporating trust zones and trust boundaries.
- Identify and mark sensitive data within the threat model and assess its impact.
- Use automated threat generation capabilities to discover threats
- Understand the rules engine and its role in threat identification.
- Interpret and manage threat details, including severity and priority states.
- Apply appropriate countermeasures and manage them effectively within the IriusRisk platform.
- Assess current and projected risk levels and generate insightful reports.
Course curriculum
-
-
Welcome to 'Implementing Threat Modeling with IriusRisk'
-
Learning online
-
Syllabus
-
-
-
Logging into IriusRisk
-
Drawing in IriusRisk
-
Exercise: Draw Bikes as a Service in IriusRisk
-
Sample: DFDs in IriusRisk
-
Marking sensitive data
-
How IriusRisk uses data: Sending, receiving, storing, + processing
-
-
-
Generating threats
-
What the rules engine does
-
Threats overview
-
Threat Detail: Current risk, count, + progress
-
Managing threats: Applying standards
-
-
-
Countermeasures: Overview
-
Countermeasures: Detail (Priority states)
-
Countermeasures: Advice (Fix, test, + relation to standards)
-
Managing countermeasures
-
-
-
Home screen
-
-
-
Do a threat model in IriusRisk
-
Closing
-
About this course
- 21 lessons
- 1 hour of video content