.png)
.png)
.svg)
.svg)
.svg)
Not ready for a demo?
Join us for a live product tour - available every Thursday at 8am PT/11 am ET
Schedule a demo
.svg)
No, I will lose this chance & potential revenue
x
x
Live Online
4
Live sessions
.png)
3
Hours per Session
52
Weeks access
6
Lab Exercises
AppSecEngineer™ Certified Application Threat Modeler
2 Certification Exam Attempts
All Recordings of Live sessions
Unlimited access to all 2000+ labs and 500+ courses on AppSecEngineer platform for 1 year
Ideal for
Developer
Security Engineer
DevOps
Pentester
Security Architect
QA Engineers
DevSecOps Engineers
Application Security
Solutions Architects & System Designers
Technical Product Managers
Coming Soon
Sign up now
Before this bootcamp
You’ve heard of threat modeling but don’t know where to start.
Threats are found after code is written—not before.
You’re unsure how to use LLMs for security work.
Security, product, and engineering speak different languages.
After this bootcamp
- Work with PMs, BAs, and engineers to define what’s in scope.
- Draw full system and component diagrams with ease.
- Create DFDs that show how data moves through your app.
- Use frameworks like STRIDE and PWNISMS to find threats.
- Score and prioritize risks using DREAD, CVSS, and more.
- Recommend security controls & control reports for tech teams & execs.
- Help your org embed threat modeling into the SDLC.
%20copy.jpg)
Know your Trainer
Ganga Sumanth
Ganga Sumanth is an Associate Security Engineer at we45. His natural curiosity finds him diving into various rabbit holes which he then turns into playgrounds and challenges at AppSecEngineer. A passionate speaker and a ready teacher, he takes to various platforms to speak about security vulnerabilities and hardening practices. As an active member of communities like Null and OWASP, he aspires to learn and grow in a giving environment. These days he can be found tinkering with the likes of Go and Rust and their applicability in cloud applications. When not researching the latest security exploits and patches, he's probably raving about some niche add-on to his ever-growing collection of hobbies. Hobbies: Long distance cycling, hobby electronics, gaming, badminton, football, high altitude trekking SM Links: He is a Hermit, loves his privacy
Learn more about this trainer ➜
Trained at
Day 1
October 3, 2025
10am - 1pm ET
Foundations of System Threat Modeling & AI Integration
3 hour live online session
Main Takeaways
- Understand the "why" and "what" of threat modeling using the 4 core questions
- Grasp the fundamentals of LLMs and prompt engineering for security
- Learn the principles of the NIST SP 800-154 framework
- Recognize the critical role of scoping, Security Objectives, and Data Dictionaries
Skills Gained
- Articulating the business case for threat modeling
- Writing effective prompts using frameworks like COSTAR
- Defining the technical and business scope of a threat model
- Creating foundational artifacts like Security Objectives and a Data Dictionary
Day 2
October 10, 2025
10am - 1pm ET
System Decomposition & In-Depth Threat Analysis
3 hour live online session
Main Takeaways
- Understand how to deconstruct systems using Data Flow Diagrams (DFDs) and Trust Zones
- Master the application of the STRIDE framework
- Gain familiarity with the PWN-ISMS framework for analyzing threats in modern architectures
Skills Gained
- Analyzing system architecture diagrams to map data flows
- Assigning numerical Trust Zones to identify high-risk intersections
- Conducting a comprehensive threat analysis using STRIDE
- Applying the PWN-ISMS framework to identify risks across its seven domains
Day 3
October 17, 2025
10am - 1pm ET
Countermeasures, Validation, and the Shift to Agile
3 hour live online session
Main Takeaways
- Learn to propose realistic and effective security controls
- Understand the NIST framework for Countermeasure Impact Analysis
- Appreciate the challenges of traditional threat modeling in agile environments
- Grasp the principles of rapid, feature-focused security analysis using Mozilla's Rapid Risk Assessment (RRA)
Skills Gained
- Developing potential security controls
- Performing an Impact Analysis to prioritize countermeasures
- Articulating the value of "shifting left" into sprint planning
- Conducting a time-boxed Rapid Risk Assessment (RRA) for a new software feature
Day 4
October 24, 2025
10am - 1pm ET
Story-Driven Threat Modeling & Actionable Outcomes
3 hour live online session
Main Takeaways
- Master the Story-Driven Threat Modeling technique
- Understand how to create Mitigation Models and implement "Secure by Default" principles
- Learn the importance of validation and how to define Refutation Criteria
- Recognize that the goal is to produce actionable outputs for the development backlog
Skills Gained
- Translating User Stories into security-focused Abuser Stories
- Breaking down Abuser Stories into specific Threat Scenarios
- Designing and documenting Mitigation Models for development teams
- Defining concrete validation activities and refutation criteria for identified threats
Yes, you get certified… And it’s not just for show
- 2 exam attempts included with every bootcamp
- Certificate + CPE credits (1 per hour of training)
- Hands-on, project-based exam
- Evaluator-reviewed within 24-48 hours
- Certificate issued within 24 hours if you pass
You’ll submit a real project that shows what you’ve learned and proves you can apply it in the real world.
Technical Prerequisites
This course is designed for professionals looking to build a formal threat modeling competency. No direct threat modeling experience is required
Experience & Knowledge:
- Required: A foundational understanding of the Software Development Lifecycle (SDLC)
- Recommended: At least 1-2 years of experience in software development, security, or a related technical field
- Recommended: Familiarity with basic web application architecture (e.g., client-server models, APIs, databases)
- Helpful: A fundamental grasp of cybersecurity principles (Confidentiality, Integrity, Availability)
Technical Requirements:
- Software: No tool installation is required. The entire platform experience, including all labs, is delivered on-browser via appsecengineer.com. Please ensure any content filtering policies are configured to allow access.
- Hardware: A laptop or tablet with a modern, updated browser and stable internet access.
Certification Exam Time Commitment
Estimated effort:
5
hours
Time limit:
48
hours from the time you begin
Everything that comes with your bootcamp seat
AppSecEngineer Pro Plus Plan
Free access to the full Pro Plus AppSecEngineer subscription: for a whole year: courses, learning paths, challenges, and all cloud sandboxes included.
GenAI sandbox access
Get hands-on with LLMs in our secure AI playground. No ChatGPT+ account needed.
Certificate & CPE credits
Finish the bootcamp and earn a certificate you can use for career bragging rights and ISC2 CPE credits (1 credit per hour of training). You’ll also get two attempts at the certification exam if you want a second shot or just like acing things twice.
Live bootcamp access
Join live virtual sessions led by trainers who’ve seen real-world incidents and built secure systems. Ask questions, solve problems, and stay sharp.
One-year replay access
Can’t make it live? No stress. You’ll get full access to the session recordings and labs for one year.
Private support channel
Join your own Discord channel with the trainer and bootcamp peers. Ask questions and get answers for 60 days after your bootcamp begins.
Sign up. Show up. Skill up.
AppSecEngineer™ Certified Application Threat Modeler
$1499
Sign up now
Coming Soon
Sign up now
I finally learned how to break down business features into real threats. Abuser stories and STRIDE are now part of every sprint
Deepa Srinivasan, DevSecOps Engineer
This bootcamp helped me understand threat modeling deeply. From scoping to DFDs to mitigation, I can now run full sessions on my own.
Julian Carter, Application Security Engineer
What stood out was the use of AI. The hands-on labs with LLMs helped me speed up threat analysis without losing accuracy.
Lin Zhang, Solution Architect
Story-driven modeling was a game-changer. I can now turn user stories into actionable security insights that devs actually implement.
Aarav Mehta, QA Engineer
The course helped me communicate risks clearly to both devs and business (heads). The reporting techniques were extremely useful.
Sofia Ramirez, Technical Product Manager
I used to think threat modeling was too complex or theoretical. This workshop proved it can be practical, fast, and part of real workflows.
Nathan Kim, Software Engineer
FAQs
Do I get a certificate?
Can I use the certificate for CPE credits?
How many times can I take the certification exam?
How long do I have to complete the exam?
When do I get my certificate?
What if I need more help before the exam?
What if I miss a session?
Is this beginner-friendly?
Do I need to install anything?
Is this just another webinar?
Can't attend this bootcamp?
Get informed about future bootcamps!