Free OWASP Top 10 CBT

Language agnostic. Complete at your own pace.
Real exploit concepts around web application threats, vulnerabilities & strategies to mitigate them.

1 Day Training

1 Day Training

Prior Information Security Experience Useful

Prior Information Security Experience Useful

Project Managers, Architects, Developers

Project Managers, Architects, Developers

Instructor Led<br />CBT / Remote<br /> Training Available

Instructor Led
CBT / Remote
Training Available

Course Overview

In this class students learn about the attacks that their applications may face and then an informal approach to threat modeling. They will first learn the steps in executing a Threat Model Express, and then they will engage in a fictional exercise with the instructor.

In this scenario, students perform all the activities of a threat model on a complex application - including analyzing design and role-playing interviews.

Students will understand how to implement a Threat Model Express in your organization using this model pioneered by Security Compass.

Learning Objectives

  • Understand the benefits of a traditional threat model vs. a threat model express exercise
  • Engage in asking valuable questions that will effectively identify potential threats within an application
  • Learn who should be involved in a Threat Model Express exercise and how to apply the model within your organization
  • Engage in a Threat Model Express exercise with the instructor using a sample architecture



  • What is threat modeling
  • Traditional vs. Express Threat Modeling

1. Goals of the Threat Model

  • Identifying and determining goals
  • Identifying the scope

2. Gathering Information

  • What kinds of information to gather
  • Sources to gather information from
  • Finding more about the application
  • Distilling an application
  • Developing data flow diagrams

3. Interview with the Architect

  • Asking the right questions

4. Meeting Setup

  • Who to invite to the meeting
  • Roles of the participants

5. Determining Threats

  • Establishing Threats
  • Attacker motivations
  • Business Logic attacks

6. Determining Risk

  • Factors of Impact
  • Factors of Likelihood

7. Countermeasures

  • Establishing countermeasures

8. Interactive Class Exercise

  • Taking a sample architecture to perform a Threat Model Express
  • Determining Threats
  • Determining Risks
  • Identifying countermeasures
  • Plotting risk and countermeasures

Download Datasheet

Download Datasheet

Security Compass training courses are offered using a variety of delivery methods. Download the data sheet to learn more.

Public Classes

Security Compass offers this course as a public class. Contact us for a schedule of all our upcoming public training classes.