
    2023 OWASP Training Day - Dunedin



    Event description

    We're pleased to offer our popular OWASP Training Day event, for the first time in Dunedin, on Saturday, 11th November.

    Thanks to the generous support and assistance of the team at MTF Finance, we're able to offer this low-cost training opportunity to interested professionals.

    For this year's Dunedin event, we have one full-day class on offer: Threat Modelling: From None to Done

    Class Fee: $99.00 per person (plus GST and booking fee)

    Registration Limit: 25

    Start Time: 8:45 a.m. (Registration check-in opens at 8:00)

    End Time: 5:30 p.m.

    Tea Breaks and Lunch will be provided.

    Class Overview:

    This session offers participants an interactive introduction to Threat Modelling and its use as a technique for identifying consequential ("Yes, and...") security requirements for applications and systems. A key focus of this course is applying Threat Modelling as a daily practice within your organisation's system development processes, to improve the overall quality and security of the applications and systems you build and deploy. In addition to addressing key questions around the "Five Ws," the presentation will cover the instructor's "Seven Questions" approach (adapted from Adam Shostack's "Four Questions") to developing a model, and include several interactive exercises to provide direct experience. A brief review of available modelling tools will also be included, along with a discussion of the opportunities and challenges for introducing Threat Modelling into your SDLC.

    Topic Outline:

      • Introduction - Overview and Initial Modelling Exercise
      • The Five Ws of Threat Modelling
      • Modelling Approach - DiLeo's Seven Questions
      • Identifying the Scope - What are we building?
      • Identifying Threats - What could go wrong?
      • Risk Management Overview
      • Identifying Mitigations - What *could* we do about it?
      • Selecting Mitigations - What *will* we do about it?
      • Verification and Validation
      • Getting Started - Incremental Threat Modelling
      • Tools for Creating Threat Models
      • Integrating with the SDLC

      Your Trainer: John DiLeo

      Dr. John DiLeo is the Auckland-area leader of the OWASP New Zealand Chapter. In his day job, John is a lead Solution Architect at IriusRisk, covering the Asia/Pacific region. Before joining IriusRisk, John led the Application Security Services team at Datacom, providing support and guidance to clients in launching, managing, and maturing their enterprise software assurance programs.

      Before turning to full-time roles in security, John was active as a Java enterprise architect and Web application developer. In earlier lives, John was a full-time professor and specialised in developing discrete-event simulations of large distributed systems.

      John is on the core team for the OWASP Software Assurance Maturity Model (SAMM) Project, leads the OWASP State of AppSec Survey Project, and is a member of the OWASP Education and Training Committee.

      Team Discounts - For multiple registrations in a single order:

      • 6 - 10 tickets in total: 10% off the entire order
      • 11 - 15 tickets in total: 15% off the entire order
      • 16 or more tickets in total: 20% off the entire order

      Discounts will first appear, and will be applied, on the Payment page.

      Questions? Please contact the Training Day Team.

