Threat Simulation and Modeling Training

Call Tonex Experts Today: +1-972-665-9786
Threat Simulation and
Modeling Training
Price: $1,699.00 Length: 2 Days
VISIT TONEX.COM
PASTA
Process for attack simulation
and threat analysis
CAPEC
Common attack patter
enumeration and
classification
Visit Tonex website
https://www.tonex.com/training-courses/threat-simulation-and-modeling-training/
SDLC
Software Development
Life Cycle

Threat Simulation and Modeling Training
Threat simulation and modeling training shows you
the different sorts of threat modeling procedures and
encourages you to apply threat modeling as a
propelled preventive type of security. TONEX as a
pioneer in security industry for over 15 years is
presently declaring the threat simulation and
modeling training which encourages you to perceive
procedures, apparatuses and contextual
investigations of effective threat modeling method.
Threat Simulation and Modeling Training course
covers a variety of topics in cybersecurity area such
as:
• Process for attack simulation and threat
analysis (PASTA)
• PASTA steps
• Common attack patter enumeration and
classification (CAPEC)
• Threat modeling with SDLC and existing threat
modeling approaches.
Moreover, you will be introduced to threat analysis, weakens
and vulnerability analysis, attack modeling and simulation,
and residual risk analysis and management.

By taking the threat simulation and modeling training
by TONEX, you will learn about the main concepts in
threat modeling, application threats, software
development life cycle (SDLC), and common types of
threats.
Threat simulation and modeling training course
introduces different techniques of threat modeling
which you may apply to your own products to ensure
the security, or develop more secure environment for
your software product.

Learn About:
1. PASTA, objectives of risk analysis, risk centric
threat modeling, and weakness and vulnerability
analysis basics.
2. Common attack pattern enumeration such as:
HTTP response splitting, SQL injection, XSS
strings, phishing, buffer overflow, authentication
protocol attacks or even cache poisoning.
3. Threat analysis approaches and principles to give
you the step by step straight forward
methodology to conduct the threat modeling and
analysis. Moreover, a detailed introduction of
existing threat modeling approaches are included
in the course. Examples of such approaches can
be: CVSS, CERT, DREAD, and SDL threat modeling.

Who Can Benefit from Threat Simulation and Modeling Training ?
If you are an IT professional who specialize in computer security,
you will benefit the presentations, examples, case studies,
discussions, and individual activities upon the completion of threat
simulation and modeling training and will prepare yourself for your
career.
Threat Simulation and Modeling Training Features :
Threat simulation and modeling training will introduce a set of labs,
workshops and group activities of real world case studies in order
to prepare you to tackle all the related computer threat challenges.
Our instructors at TONEX will help you to understand the step by
step procedure for attack simulation and modeling such as
enumerating the attack vector, assessing the probability of attacks,
attack driven security tests or attack library update

Audience
The threat simulation and modeling training is a 2-day course
designed for:
• IT professionals in the area of information
security and cybersecurity
• Executives and managers of cybersecurity and
threat modeling area
• Information technology professionals, web
engineers, security analysts, policy analysts
• Security operation personnel, network
administrators, system integrators and security
consultants
• Security traders to understand the threat
modeling techniques
• Investors and contractors who plan to make
investments in cybersecurity industry.
• Technicians, operators, and maintenance
personnel who are or will be working on threat
modeling projects
• Managers, accountants, and executives of
cybersecurity industry.

Training Objectives
Upon completion of threat simulation and modeling training
course, the attendees are able to:
• Identify the goals of threat modeling
• Recognize the tools for threat modeling
• Identifying the step by step procedure for threat
modeling and simulation
• Describe different types of threats in threat
analysis techniques
• Identify the existing threat modeling approaches
and procedures
• Understand common attack pattern enumeration
and classification
• Describe the process for attack simulation and
threat analysis
• Conduct threat modeling and simulation
techniques for real world problems

Training Outline
Threat simulation and modeling training course consists of the
following lessons, which can be revised and tailored to the
client’s need:
Threat Modeling Overview
• Definition of Threat Modeling
• Assets, Threats, and Vulnerabilities
• Software Implementation, Real and Perfect World
• Network Threats
• Host Threats
• Application Threats
• Software Development Life Cycle (SDLC)
• Threat Modeling Steps
• Categorizing Threats with STRIDE
• Spoofing Identity
• Tampering with Data
• Repudiation
• Information disclosure
• Denial of Service
• Elevation of Privilege
• Difference between Threat and Vulnerability
• DREAD
• Integration Testing

Introduction to Process for Attack Simulation
and Threat Analysis (PASTA)
• Objectives of Risk Analysis
• Obtaining the Business Requirements
• Defining Data Protection Requirements
• Privacy Laws
• Initial Risk Profile
• Risk Management Objectives
• Risk Centric Threat Modeling
• Inherent Challenges to Threat Modeling
• Input/output for PASTA Process
• Definition of the Technical Scope (DTS)
• Application Decomposition and Analysis (ADA)
• Threat Analysis
• Weakness and Vulnerability Analysis (WVA)
• Attack Modeling and Simulation
• Risk Analysis and Management
PASTA
Introduction to Process
for Attack Simulation
and Threat Analysis

Process for Attack Simulation and Threat Analysis
• Use Cases from Business Objectives
• Converging Security, Compliance and Privacy
• PASTA Objective Hierarchy
• Compliance and Business Impact
• Inherent Risk
• Integration Opportunities of PASTA
• Enumerate Software Components
• Identify Actors and Data Sources/sinks
• Enumerate System-level Services
• Enumerate Third Party Infrastructure
• Assert Completeness of Secure Technical Design
• Procurement’s Impact
• Enumerate Application Use Cases
• Data Flow Diagram (DFD) of Identified
Components
• Security Functional Analysis

Common Attack Pattern Enumeration and
Classification (CAPEC)
• HTTP Response Splitting
• SQL Injection
• XSS in HTTP Query Strings
• Session Fixation
• Phishing
• Filter Failure Through Buffer Over Flow
• Removing Guard Logic
• Lifting Embedded Data
• Subvert Code Facilities
• Reflection Attack in Authentication Protocol
• Web Server Misclassification
• Forced Deadlock
• Cache Poisoning
• Restful Privilege Escalation
CAPEC
Common Attack Pattern
Enumeration and
Classification

Threat Modeling within SDLC
• Identifying Assets
• Architecture Overview
• Application Decomposition
• Threat Identification
• Threat Documentation
• Threat Rating
• Damage Potential
• Reproducibility
• Exploitability
• Affected Users SDLC
Software Development
Life Cycle

Existing Threat Modeling Approaches
• Security Centric Approach
• Security Centric Threat Models for Complex Attacks
• STRIDE
• STRIDE Threat Categorization Table
• Common Vulnerability Scoring System (CVSS)
• Computer Emergency Response Team (CERT)
• Common Attack Pattern Enumeration and Classification (CAPEC)
• Risk Based Approach in Threat Modeling
• DREAD
• Threat Analysis and Modeling (TAM) Threat Modeling Tool
• SDL Threat Modeling
• Trike Methodology

Threat Analysis
• Credible Source of Threat Data
• Leverage Internal Sources of Data
• Enumerate Likely Threat Agents
• Threat Likelihood Value
• Analyzing Overall Threat Scenario
• Threat Intelligence Gathering from Internal Source
• Threat Intelligence Gathering from External Source
• Threat Library Update
• Threat Agents to Asset Mapping
• Probabilistic Value Around Identified Threats

Weakness and Vulnerability Analysis
• Correlating the Existing Vulnerability Data
• Identifying Weak Design Patterns
• Map Threats to Vulnerabilities
• Contextual Risk Analysis
• Targeted Vulnerability Testing
Attack Modeling and Simulation
• Possible Attack Scenarios
• Attack Library Update
• Attack Surface Update
• Enumerating the Attack Vectors
• Assessing the Probability of Attacks
• Derive a Set of Cases to Test Existing Countermeasures
• Conduct Attack Driven Security Tests

Residual Risk Analysis and Management
• Risk Assessment
• Internal/external Threat Data
• Viability of Attacks
• Identifying countermeasures
• Residual Risk Calculation
• Severity Rating
• Probability Coefficient
• Number of countermeasures
• Strategies to Risk Management

Hands On, Workshops, and Group Activities
• Labs
• Workshops
• Group Activities
Sample Workshops and Labs for
threat simulation and modeling Training
• Threat Modeling Hands On
• Microsoft Threat Analysis and Modeling Tool Overview
• Generating Threat Models
• Generating Threat Model Diagram
• Threat Analysis Case Study
• PASTA Procedure Step by Step Case Study
• DREAD Threat Modeling Case

Threat Simulation and Modeling Training

More Related Content

What's hot

Similar to Threat Simulation and Modeling Training

More from Bryan Len

Recently uploaded

Threat Simulation and Modeling Training