Whiteboard Hacking (AKA Hands-On Threat Modelling) Training in Finland

  • Learn via: Classroom
  • Duration: 2 Days
  • Level: Intermediate
  • Price: From €3,061+VAT
We can host this training at your preferred location. Contact us!

Threat modeling is the primary security analysis task performed during the software design stage. Threat modeling is a structured activity for identifying and evaluating application threats and vulnerabilities. The security objectives, threats, and attacks modeling activities during the threat modeling are designed to help you find vulnerabilities in your application and the supporting architecture. You can use the identified vulnerabilities to help shape your design and direct and scope your security testing.

Threat modeling allows you to consider, document, and discuss the security implications of designs in the context of their planned operational environment and in a structured fashion. It also allows consideration of security issues at the component or application level. The threat modeling course will teach you to perform threat modeling through a series of workshops, where our trainer will guide you through the different stages of a practical threat model.

None.

Target Audience

This course is aimed at software developers, architects, system managers or security professionals. Before attending this course, students should be familiar with basic knowledge of web and mobile Applications, databases & Single sign on (SSO) principles.

  • The why, what, how, and when of threat modelling
  • How to create and update a threat model
  • How to create an actionable threat model with your stakeholders
  • How to organise and prepare efficient threat modelling workshops
  • How to explain the methodology and need for threat modelling to others
  • Diagramming techniques, including Data Flow Diagramming
  • Threat identification techniques, including STRIDE and attack trees
  • How to carry out technical risk rating using the OWASP risk rating methodology
  • How to mitigate security and privacy threats with standard mitigations
  • The soft skills that will make you a better threat modeler

Threat modeling introduction

  • Threat modeling in a secure development lifecycle
  • What is threat modeling?
  • Why perform threat modeling?
  • Threat modeling stages
  • Different threat modeling methodologies
  • Document a threat model

Diagrams – what are you building?

  • Understanding context
  • Doomsday scenarios
  • Data flow diagrams
  • Trust boundaries
  • Sequence and state diagrams
  • Advanced diagrams
  • Hands-on: diagramming web and mobile applications, sharing the same REST backend

Identifying threats – what can go wrong?

  • STRIDE introduction
  • Spoofing threats
  • Tampering threats
  • Repudiation threats
  • Information disclosure threats
  • Denial of service threats
  • Elevation of privilege threats
  • Attack trees
  • Attack libraries
  • Hands-on: STRIDE analysis of an Internet of Things (IoT) gateway and cloud update service

Addressing each threat

  • Mitigation patterns
  • Authentication: mitigating spoofing
  • Integrity: mitigating tampering
  • Non-repudiation: mitigating repudiation
  • Confidentiality: mitigating information disclosure
  • Availability: mitigating denial of service
  • Authorization: mitigating elevation of privilege
  • Specialist mitigations
  • Hands-on: AWS threat mitigations for a travel booking system build on microservices

Threat modeling and compliance

  • How to marry threat modeling with compliance
  • GDPR and Privacy by design
  • Privacy threats
  • LINDUNN and Mitigating privacy threats
  • Threat modeling medical devices (FDA pre- and post-market guidance)
  • Threat modeling Industrial Control Systems (IEC 62443)
  • Threat Assessment and Remediation Analysis for automotive (TARA, SAE 21434)
  • Mapping threat modeling on compliance frameworks
  • Hands-on: privacy threat modeling of a face recognition system in an airport

Penetration testing based on offensive threat models

  • Create pentest cases for threat mitigation features
  • Pentest planning to exploit security design flaws
  • Vulnerabilities as input to plan and scope security testing
  • Prioritization of pentesting based on risk rating
  • Hands-on: get into the defender's head – modeling points of attack of a nuclear facility.

Advanced threat modeling

  • Typical steps and variations
  • Validation threat models
  • Effective threat model workshops
  • Communicating threat models
  • Agile and DevOps threat modeling
  • Improving your practice with the Threat Modeling Playbook
  • Scaling up threat modeling
  • Threat modeling and compliance: ISO14971 (medical devices), IEC 62443 (industrial cybersecurity), SAE 21434 (automotive)
  • Threat models examples: medical devices, automotive, industrial control systems, IoT and Cloud

Threat modeling resources

  • Open-Source tools
  • Commercial tools
  • General tools
  • Threat modeling tools compared
  • Battle for control over 'Zwarte Wind', an offshore wind turbine park

Examination

  • Hands-on examination
  • Grading and certification

Student package

Your bonus training package includes:

  • Following a successful exam (passing grade defined at 70%): Threat Modeling Practitioner certificate
  • One year of access to our threat modeling e-learning platform
  • Presentation handouts
  • Tailored use case worksheets
  • Detailed use case solution descriptions
  • Threat model documentation template
  • Template for calculating identified threat risk severity
  • Threat modeling playbook
  • STRIDE mapped on compliance standards


Contact us for more detail about our trainings and for all other enquiries!

Upcoming Trainings

Join our public courses in our Finland facilities. Private class trainings will be organized at the location of your preference, according to your schedule.

23 tammikuuta 2025 (2 Days)
Helsinki, Espoo
Classroom / Virtual Classroom
01 helmikuuta 2025 (2 Days)
Helsinki, Espoo
Classroom / Virtual Classroom
23 tammikuuta 2025 (2 Days)
Helsinki, Espoo
Classroom / Virtual Classroom
01 helmikuuta 2025 (2 Days)
Helsinki, Espoo
Classroom / Virtual Classroom
07 huhtikuuta 2025 (2 Days)
Helsinki, Espoo
Classroom / Virtual Classroom
07 huhtikuuta 2025 (2 Days)
Helsinki, Espoo
Classroom / Virtual Classroom
08 toukokuuta 2025 (2 Days)
Helsinki, Espoo
Classroom / Virtual Classroom
26 toukokuuta 2025 (2 Days)
Helsinki, Espoo
Classroom / Virtual Classroom
Whiteboard Hacking (AKA Hands-On Threat Modelling) Training Course in Finland

Finland is a country located in northern Europe. Helsinki is the capital and largest city of the country. The majority of the people are Finns but there is also a small Lapp population in Lapland, where the country is famous for the Northern Lights. Finland's national languages are Finnish and Swedish.

Known for its vast forests, lakes, and natural beauty, Finland is one of the world's largest producers of forest products, such as paper, pulp, and lumber. One of the world's largest sea fortresses Suomenlinna, Rovaniemi with the "White Nights", dogsled safaris and of course the Northern Lights are what makes Finland so popular for tourists. Finland is one of the best places in the world to see the Northern Lights and attracts millions of tourists during its seasons.

Finland is home to a thriving technology industry and is widely recognized as one of the world's leading technology hubs. Companies such as Nokia and Rovio (creator of the popular game Angry Birds) are based in Finland. Some of the key factors that have contributed to Finland's success in technology include; strong investment in research and development, a highly educated workforce and fundings.

Finland has a strong educational system, and is widely regarded as one of the world's most literate countries. In fact, Finland's literacy rate is one of the highest in the world, and its students consistently perform well in international tests of math and reading ability.

Also, as a pioneer in environmental sustainability, Finland is known for its efforts to reduce its carbon footprint and promote clean energy. This Nordic country is also famous for its unique and distinctive cultural heritage, including its traditional folk music and its elaborate traditional costumes.

Helsinki, Finland's capital city, is the country's business center. Helsinki is Finland's largest city, and it is home to many of the country's major corporations and organizations, including many of the country's leading technology firms. The city is also a commercial, trade, and financial center, as well as one of the busiest ports in the Nordic region.

Take advantage of our diverse IT course offerings, spanning programming, software development, business skills, data science, cybersecurity, cloud computing and virtualization. Our knowledgeable instructors will provide you with practical training and industry insights, delivered directly to your chosen venue in Finland.
By using this website you agree to let us use cookies. For further information about our use of cookies, check out our Cookie Policy.