Steven Wierckx

Application Security Consultant


Hands-on threat modeling for agile development
June 15, 17 (14:30-18:00 CEST)

We created a 1-day online threat modeling course specifically for agile development to improve the reliability and security of delivered software. You will learn an iterative and incremental threat modeling method that is integrated in the development and deployment pipeline. You will be challenged to perform practical threat modeling covering the different stages of threat modeling. Exercises are built upon a fictional Acme Hotel Booking (AHB) system, where we migrate a legacy client-server system towards a cloud-based microservice stack using AWS services:

  • Sprint 1: Modeling a hotel booking web and mobile application, sharing a REST backend
  • Sprint 2: Threat identification as part of migrating the booking system application to AWS
  • Sprint 3: AWS threat mitigations for the booking system built on microservices
  • Sprint 4: Building an attack library for CI/CD pipelines

This course is for you if you are a product manager, software developer, architect, DevOps engineer or application security professional.


Steven Wierckx is a software and security tester with 20 years of experience in programming, security testing, source code review, test automation, functional and technical analysis, development, and database design. Steven shares his passion for web application security through writing and training on testing software for security problems, secure coding, security awareness, security testing, and threat modeling. He is the project leader for the OWASP Threat Modeling Project and organizes the BruCON student CTF. He spoke at Hack in the Box Amsterdam, hosted workshops at BruCON and DevSecCon (UK) and delivered threat modeling trainings at OWASP AppSec USA, OWASP AppSec Israel, BruCON and O’Reilly Security New Yo