
Traditional Threat Modelling takes a defensive approach to security, looking to mitigate potential threats to your platform. Offensive Threat Modelling is the counterpoint: it explores security from an attacker’s perspective. By analyzing the defender’s strategies to determine their weaknesses, it creates a model of how the application and its systems can be compromised. This helps to find lapses in security measures, and is especially useful for pentesting and assessments.

We begin with a deep dive into applying Threat Modelling inputs to offensive security practices, with the help of security test cases. Using we45’s Threat Playbook framework, you’ll learn how to automate Application Security Pentesting. Each new technique is taught through hands-on labs that let you practice it and become proficient in it.

At the end of this course, you’ll come away with a comprehensive understanding of creating a detailed model of an attacker’s perspective of your app. All our training material is a distillation of years of security testing experience, knowledge, and original research across our entire team. What this means is you’ll be able to take everything you’ve learned here and implement it directly in a modern development environment.

Course Outline

Each section will be replete with multiple examples and case studies that will reinforce the concepts explained.

    • Deep-Dive – Attack Trees for Offensive Security
    • Security Test Cases – To ensure coverage of security testing against Threat Model


  • Creating a “Threat Model to Pentest Pipeline” with the Automaton Framework
  • Hands-on Labs: Automaton Threat Modeling Library
  • Hands-on Labs: Automating Reconnaissance with RoboNmap, RoboSublist3r and RoboDirBuster
  • Hands-on: Parameterized Application Vulnerability Assessment with OWASP ZAP
  • Hands-on: Automated Fuzzing with the WFuzz Framework and SecLists
  • Creating Recipes for Automated Pentesting of Apps, combined with Functional Automation Scripts
  • Hands-on: Write an Automated Pentest Pipeline recipe from Threat Model to Pentest for an Intentionally Vulnerable Web Service

Meet your Trainer

Abhay Bhargav

Abhay is a speaker and trainer at major industry events including DEF CON…