Hands-On Threat Modeling Workshop Pre-Compiler Materials
-
We will use this document in the workshop to help guide for DFDs, identifying threats, examples, etc.:
a. Handout-CodeMash2025.pdf
-
Recommended, but not required:
a. If you bring a laptop, please install the latest OWASP Threat Dragon software (free):
https://owasp.org/www-project-threat-dragon/ We plan to demo the software and will walk through some hands-on exercises using this software.b. Files related to above: 1) RareBooksRUsTM-Web.json a) RareBooksRUsTM Web Only DFD v1.0.png 2) RareBooksRUsTM-Web-Mobile.json a) RareBooksRUsTM Web + Mobile DFD v1.0.png
-
Optional
Ideally, a Windows 11 laptop is used for this optional tool. You could use a Mac or Linxu laptop, but for installing the Microsoft Threat Modeling Tool you will need a Windows VM installed / available.
a. If you bring a Windows laptop, you are welcome to install the latest Microsoft Threat Modeling Tool (free):
https://aka.ms/threatmodelingtool (NOTE: This works on Windows OS only - which is the reason this is optional.) We plan to demo the software briefly, but it won't be used directly for hands-on exercises.b. Files related to above: 1) SampleWebTM.tm7 2) RareBooksTM.tm7 3) RareBooksTM-MSTMT Report.htm 4) RareBooksTM-AWS.tm7