AppSec USA 2017 has ended
Back To Schedule
Wednesday, September 20 • 9:00am - 5:00pm
Whiteboard Hacking aka Hands-on Threat Modeling (2 of 2 days)

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

Toreon proposes a 2 day, trainer-led, on-site, Threat Modeling course. The training material and hands-on workshops with real live Use Cases are provided by Toreon. The students will be challenged to perform practical threat modeling in groups of 3 to 4 people covering the different stages of threat modeling on:

• A hotel booking web and mobile application, sharing the same REST backend

• An Internet of Things (IoT) deployment with an on premise gateway and secure update service

• An HR services OAuth scenario for mobile and web applications


This edition also introduces a new section on privacy threats and privacy by design, including a hands-on privacy impact assessment of a face recognition system in an airport. Each student will receive a hard copy of the book: Threat Modeling, designing for security by Adam Shostack (2014, Wiley)


This training is delivered successfully at OWASP Europe 2016 and is selected for OWASP Europe 2017 and Blackhat USA 2017. More details and the outline of the training are available in the attached syllabus.



Wednesday September 20, 2017 9:00am - 5:00pm EDT