Threat Modeling Workshop

Our workshops are tailored to get started with threat modeling in your team. No preparations are needed, let’s just get started with security improvements immediately. Ready to book, or read more?

The workshops are led by a threat modeling expert, through the main steps of threat modeling:

What are we building?

It’s important that we gain a mutual understanding of what you’re building, and working on at the moment. It’s great if you have architecture diagrams or if you can quickly demo your product. Don’t have any diagrams yet? No worries, that’s actually quite common. We’ll create descriptive diagrams together as part of the workshop. We’ll also list and discuss the key use cases.
 

What can go wrong?

Now that we have a good overview, it’s time to talk about potential attackers and security threats. We will go through and document a combination of imported “reusable threats” from our Threat Library – as well as threats specific to your context. Remember that we need to think defense-in-depth, and authenticated users are also potential attackers in most systems.

 

What are we going to do about that?

Once we know what potential threats to consider, we need to agree on a way to mitigate them – The Countermeasures. This will become implementation tasks, to prioritize based on the potential impact of the threats. We have already prepared suggested Countermeasures for the threats in our Threat Library, but let’s revise them when needed.

 

Did we do a good enough job?

Now that we have identified Threats and Countermeasures, we know a lot more about the potential security risks and what to do about them. But once the Countermeasures have been implemented, we must also ensure that they are verified – in a similar way as any other implementation task during development. Automated tests are preferred in many cases, but sometimes a code review – or some other verification strategy is more suitable.

These workshop sessions are typically scheduled and performed as 4-5 sessions of 1.5 Hours each, and offered at a fixed price. We recommend that the entire team attend, in order to get as much security awareness training as possible.

When we are done, we’ll of course ensure that your team members get access to the produced threat model, so that they can continue with security improvements independently.
 

Reach out below – let’s book a workshop now!

Get in touch to book a workshop

Want to check our availability and book a workshop?
Contact us with the form below or write to info@oplane.io