Short Course

Threat Modelling in Agile and DevSecOps

Building Security by Design into your Development Lifecycle

5 Hours of video content

Advanced

Certificate of Completion Included

Check out Subscription Plans

Overview What You Will Learn Curriculum Instructor

Course Overview

Agile Development and DevSecOps are tightly interlinked development methodologies used extensively by companies in the modern world. Both are based on iterative development, with Agile designed to satisfy customer requirements through a regular feedback loop as development projects continue, and DevSecOps providing autonomy to development teams to take ownership not only of the development process, but also the requirements for deployment, operations, and security.

Threat modelling is a methodology used to build security by design into systems throughout the development process, mitigating risks before a system is finalised as part of the design and development lifecycle. Fundamentally threat modelling is built on asking questions throughout about what is intended as the goal of a system, who would want to obstruct those goals, what they can do to obstruct them, and what the design and development team can implement to prevent any obstructions.

This course is focused on introducing the foundational building blocks of threat modelling and applying them to the Agile and DevSecOps development philosophies to allow developers to design and ultimately build secure systems which are both robust and resilient against any attempts to obstruct the goals of the system whether deliberately or through negligence. While a number of threat models will be introduced the focus is on providing learners with the tools to develop their own appropriate threat models to work with their own Secure Software Development Lifecycle (SSDLC) and detect and mitigate, vulnerabilities in their systems before they are fully realised in a final production environment.

This course will provide you with the building blocks and practical tools to apply threat modelling throughout the design process and ensure that your target system is appropriately secure to achieve the goals of your organisation given its threat profile and risk appetite.

What You Will Learn

The fundamental concepts of threat
vulnerability
and impact
The common threats categories
both malicious and negligent
that apply to Agile and DevSecOps development philosophies
The fundamental concepts which underly risk management including the costing of controls and prioritisation of vulnerabilities
The common threat modelling approaches of STRIDE
LINDUNN
Persona non Grata and the OWASP Top 10 and how these can be applied to an Agile DevSecOps development process
How to apply controls both technical and procedural to develop a secure system in an Agile DevSecOps environment

Program Curriculum

Background of Threat Modelling
Our Goals for Threat Modelling
The Threat Modelling Manifesto
Threat Modelling: Not Just for Coding
$7 Million Cybersecurity Scholarship by EC-Council
Chapter 01 Quiz

What are Threats?
What are Vulnerabilities?
What are Impacts and Assets?
A Summary of Threat Modelling Methodologies
How to Create Personae Non-Gratae?
How to Write Abuse Cases?
How to Build Attack Trees?
How to Create a Data Flow Diagram?
How to Use STRIDE and DREAD?
How to Perform a Rapid Risk Assessment?
Applying Threat Mapping
Chapter 02 Quiz

Why Agile and DevSecOps Need Threat Modelling
Building a Strategy for Threat Modelling in Agile and DevSecOps
Identifying Vulnerable Assets in Agile and DevSecOps
Applying STRIDE to Agile and DevSecOps
Threat Modelling in Containers
Using Threat Modelling Outcomes to Drive Continuous Security Testing
Building Collaboration Between Teams for Threat Management in Development and Testing
Threat Modelling Post-Deployment and Into the Future
Reviewing Designs to Identify Entry Points for Attacks
Reviewing Code to Identify Potential Exploitations
Chapter 03 Quiz

An Overview of Automated Threat Modelling
OWASP Threat Dragon
Microsoft Threat Modeling Tool
Mozilla SeaSponge
SAST and DAST Tools for Continuous Threat Modelling
Chapter 04 Quiz

Recap of Threat Modelling Goals
How to Choose a Threat Modelling Method
Key Takeaways
Thank You and Contact Information

Load more modules

Instructor

James Bore

James Bore is a Chartered Security Professional with two decades of experience in security and technology ranging from development to operations, to architecture, and more. His experience has included critical national infrastructure companies (CNI), various start-ups, and established private organizations providing security and technology advice around risk management and threat modelling. He has certifications that include project management, enterprise architecture, service provision, and security. He has consulted and trained on threat modelling with various clients, ensuring that security by design is baked into their development methodologies to reduce the cost of implementing security following deployment.

Buy this course now

$49.99

Get Immediate access for one year today!

Upgrade to Pro Plans and Get Full Access Today!

Get this course, along with 700+ courses and 50+ learning paths and more in one subscription. Learn more

Unlock All Access

Plans start from $33/mo. Cancel anytime.

Join over 1 Million professionals from the most renowned Companies in the world!

Empower Your Learning with Our Flexible Plans

Invest in your future with our flexible subscription plans. Whether you're just starting out or looking to enhance your expertise, there's a plan tailored to meet your needs. Gain access to in-demand skills and courses for your continuous learning needs.

Monthly Plans

Annual Plans

Save 20% with our annual plans!

Pro

Ideal for continuous learning, offering extensive resources with 600+ courses and diverse Learning Paths to enhance your skills.

^$ 499.00

Billed annually or $59.00 billed monthly

Get Started Now

Start your 7-day trial for $1

What is included

700+ Premium Short Courses
50+ Structured Learning Paths
Validation of Completion with all courses and learning paths
New Courses added every month

Early Access Offer

Pro +

Experience immersive learning with Practice Labs, CTF Challenges, and exclusive EC-Council certifications for comprehensive skill-building.

^$ 599.00

Billed annually or $69.00 billed monthly

Get Started Now

Start your 7-day trial for $1

Everything in Pro and

800+ Practice Lab exercises with guided instructions
150+ CTF Challenges with detailed walkthroughs
New Practice Labs and Challenges added every month
3 Official EC-Council Essentials Certifications¹ (retails at $897!)
Exclusive Bonus with Annual Plans

¹This plan includes Digital Forensics Essentials (DFE), Ethical Hacking Essentials (EHE), and Network Defense Essentials (NDE) certifications. No other EC-Council certifications are included.

Related Courses

Introduction to Raspberry Pi

Short Course

Introduction to Raspberry Pi

Software Development

Learn How to Create Software and Hardware Projects using Raspberry Pi and Python.

Learn How to Create Software and Hardware Projects using Rasp...

$49.99

Beginner

2 hr 0 m

Hello
Hands-on React Native

Short Course

Hands-on React Native

Software Development

Learn to build modern, beautiful & powerful native iOS and Android apps leveraging JavaScript.

Learn to build modern, beautiful & powerful native iOS an...

$49.99

Beginner

6 hr 32 m

Hello
Learn Python Programming with 100 Practicals

Short Course

Learn Python Programming with 100 Practicals

Software Development

Learn Python Programming from scratch.

Learn Python Programming from scratch.

$69.99

Beginner

5 hr 30 m

Hello
Game Development with C# and Unity – Reinforce Your C# Codes

Short Course

Game Development with C# and Unity – Reinforce Your C# Codes

Software Development

Learn to write code that is not just functional, but clean, maintainable, and something which you can be proud of

Learn to write code that is not just functional, but clean, m...

$49.99

Advanced

4 hr 18 m

Hello
React.JS Crash Course: The Complete Course for Beginners

Short Course

React.JS Crash Course: The Complete Course for Beginners

Software Development

Create web apps that are robust, quick, user-friendly, and responsive.

Create web apps that are robust, quick, user-friendly, and re...

$59.99

Beginner

2 hr 0 m

Hello
Optimizing and Securing Ansible Playbooks

Short Course

Optimizing and Securing Ansible Playbooks

Software Development

Efficiently Automating Container and System Management with Secure Ansible Playbooks

Efficiently Automating Container and System Management with S...

$99.99

Intermediate

5 hr 0 m

Hello
OAuth, OpenID, and SAML Crash Course Security for Web and Mobile

Short Course

OAuth, OpenID, and SAML Crash Course Security for Web and Mobile

Software Development

Learn how OAuth2, OpenID, and SAML work as open standards for app security.

Learn how OAuth2, OpenID, and SAML work as open standards for...

$49.99

Advanced

1 hr 0 m

Hello
Spring Core Framework with Spring Tool Suite

Short Course

Spring Core Framework with Spring Tool Suite

Software Development

The hands-on learning experience of Spring Core Framework

The hands-on learning experience of Spring Core Framework

$49.99

Intermediate

1 hr 37 m

Hello