Dan Horovitz

Intel (Israel)

Threat modelling from zero to hero

Threat modelling is a core component of the secure development lifecycle process for developing any secure system. It is definitely used by hackers, and it is a mandatory security activity for any product. It is an upfront view of a system that helps identify potential issues from the start, as opposed to attempting to bolt on security later. This four-hour introductory workshop will cover an approach to software/firmware threat modelling as a step-by-step process and allow attendees to apply the material to a working example (software/firmware). The workshop explains the importance of threat modelling, reviews security terminology with examples that demonstrate the various terms and how to use them, goes through the threat modelling stages, and then uses an example SW/FW design to show how to go through all the steps with that design. It will explain the purpose of threat modelling and examine methods of system diagramming for threat modelling, identifying assets, attack surfaces and attackers, and using this information to develop a listing of threats and associated mitigations. At the end of the workshop, if time allows, we will talk about using TM tools. The entire workshop emphasizes developing a security mindset.

Dan Horovitz is an experienced Principal Security Researcher who has worked at Intel, McAfee, Checkpoint and several security startups over the last 15+ years, doing security product development as well as security assurance, security code review, architecture and design review, and security validation. Dan is a life-long hacker and security advocate who has always had a passion for deconstructing technology, particularly since getting his first Commodore 64 at the age of 7 and teaching himself BASIC programming. In his career, Dan has performed all forms of security assessments, but given his developer and management background, he has a dedication to security architecture, security features development and security assurance. Dan holds an MBA and a B.Sc. in computer science from BGU, is CISSP certified, and reached the 3rd Black Belt Security in Intel, the highest org. security certification. Dan has authored several patents on privacy and security enhancements and presented papers at different conferences such as iSecCon, SWPC, Intel System Engineer, Intel TechWeek, QA&Test, INCOSE and MPower.