Hacker Summer Camp Special: Get 40% OFF with code HACKERCAMP40. Limited time only!
X
X
X

Live Online

4
Live sessions
3
Hours per Session
52
Weeks access
6
Lab Exercises

AppSecEngineer™ Certified Application Threat Modeler

2 Certification Exam Attempts
All Recordings of Live sessions
Unlimited access to all 2000+ labs and 500+ courses on AppSecEngineer platform for 1 year
Ideal for
Developer
Security Engineer
DevOps
Pentester
Security Architect
QA Engineers
DevSecOps Engineers
Application Security
Solutions Architects & System Designers
Technical Product Managers
Sign up now
Coming Soon
Sign up now

Before this bootcamp

  • No clear threat modeling process
    You’ve heard of threat modeling but don’t know where to start.
  • Security happens late
    Threats are found after code is written—not before.
  • AI tools feel overwhelming
    You’re unsure how to use LLMs for security work.
  • Gap between tech and business
    Security, product, and engineering speak different languages.

    • After this bootcamp

    • Work with PMs, BAs, and engineers to define what’s in scope.
    • Draw full system and component diagrams with ease.
    • Create DFDs that show how data moves through your app.
    • Use frameworks like STRIDE and PWNISMS to find threats.
    • Score and prioritize risks using DREAD, CVSS, and more.
    • Recommend security controls & control reports for tech teams & execs.
    • Help your org embed threat modeling into the SDLC.

    Know your Trainer

    Ganga Sumanth

    Ganga Sumanth is an Associate Security Engineer at we45. His natural curiosity finds him diving into various rabbit holes which he then turns into playgrounds and challenges at AppSecEngineer. A passionate speaker and a ready teacher, he takes to various platforms to speak about security vulnerabilities and hardening practices. As an active member of communities like Null and OWASP, he aspires to learn and grow in a giving environment. These days he can be found tinkering with the likes of Go and Rust and their applicability in cloud applications. When not researching the latest security exploits and patches, he's probably raving about some niche add-on to his ever-growing collection of hobbies. Hobbies: Long distance cycling, hobby electronics, gaming, badminton, football, high altitude trekking SM Links: He is a Hermit, loves his privacy
    Learn more about this trainer ➜

    Trained at

    Day 1

    August 22, 2025
    10am - 1pm PT

    Foundations of System Threat Modeling & AI Integration

    3 hour live online session

    Main Takeaways
    • Understand the "why" and "what" of threat modeling using the 4 core questions
    • Grasp the fundamentals of LLMs and prompt engineering for security
    • Learn the principles of the NIST SP 800-154 framework
    • Recognize the critical role of scoping, Security Objectives, and Data Dictionaries
    Skills Gained
    • Articulating the business case for threat modeling
    • Writing effective prompts using frameworks like COSTAR
    • Defining the technical and business scope of a threat model
    • Creating foundational artifacts like Security Objectives and a Data Dictionary

    Day 2

    August 29, 2025
    10am - 1pm PT

    System Decomposition & In-Depth Threat Analysis

    3 hour live online session

    Main Takeaways
    • Understand how to deconstruct systems using Data Flow Diagrams (DFDs) and Trust Zones
    • Master the application of the STRIDE framework
    • Gain familiarity with the PWN-ISMS framework for analyzing threats in modern architectures

    Skills Gained
    • Analyzing system architecture diagrams to map data flows
    • Assigning numerical Trust Zones to identify high-risk intersections
    • Conducting a comprehensive threat analysis using STRIDE
    • Applying the PWN-ISMS framework to identify risks across its seven domains

    Day 3

    September 5, 2025
    10am - 1pm PT

    Countermeasures, Validation, and the Shift to Agile

    3 hour live online session

    Main Takeaways
    • Learn to propose realistic and effective security controls
    • Understand the NIST framework for Countermeasure Impact Analysis
    • Appreciate the challenges of traditional threat modeling in agile environments
    • Grasp the principles of rapid, feature-focused security analysis using Mozilla's Rapid Risk Assessment (RRA)
    Skills Gained
    • Developing potential security controls
    • Performing an Impact Analysis to prioritize countermeasures
    • Articulating the value of "shifting left" into sprint planning
    • Conducting a time-boxed Rapid Risk Assessment (RRA) for a new software feature

    Day 4

    September 12, 2025
    10am - 1pm PT

    Story-Driven Threat Modeling & Actionable Outcomes

    3 hour live online session

    Main Takeaways
    • Master the Story-Driven Threat Modeling technique
    • Understand how to create Mitigation Models and implement "Secure by Default" principles
    • Learn the importance of validation and how to define Refutation Criteria
    • Recognize that the goal is to produce actionable outputs for the development backlog
    Skills Gained
    • Translating User Stories into security-focused Abuser Stories
    • Breaking down Abuser Stories into specific Threat Scenarios
    • Designing and documenting Mitigation Models for development teams
    • Defining concrete validation activities and refutation criteria for identified threats

    Technical Prerequisites

    This course is designed for professionals looking to build a formal threat modeling competency. No direct threat modeling experience is required

    Experience & Knowledge:

    • Required: A foundational understanding of the Software Development Lifecycle (SDLC)
    • Recommended: At least 1-2 years of experience in software development, security, or a related technical field
    • Recommended: Familiarity with basic web application architecture (e.g., client-server models, APIs, databases)
    • Helpful: A fundamental grasp of cybersecurity principles (Confidentiality, Integrity, Availability)


    Technical Requirements:

    • Software: No tool installation is required. The entire platform experience, including all labs, is delivered on-browser via appsecengineer.com. Please ensure any content filtering policies are configured to allow access.
    • Hardware: A laptop or tablet with a modern, updated browser and stable internet access.

    Everything that comes with your bootcamp seat

    AppSecEngineer Pro Plus Plan
    Free access to the full Pro Plus AppSecEngineer subscription: for a whole year: courses, learning paths, challenges, and all cloud sandboxes included.
    GenAI sandbox access
    Get hands-on with LLMs in our secure AI playground. No ChatGPT+ account needed.
    Certificate & CPE credits
    Finish the bootcamp and earn a certificate you can use for career bragging rights and ISC2 CPE credits (1 credit per hour of training).
    Live bootcamp access
    Join live virtual sessions led by trainers who’ve seen real-world incidents and built secure systems. Ask questions, solve problems, and stay sharp.
    One-year replay access
    Can’t make it live? No stress. You’ll get full access to the session recordings and labs for one year.
    Private support channel
    Join your own Discord channel with the trainer and bootcamp peers. Ask questions and get answers for 60 days after your bootcamp begins.

    Sign up. Show up. Skill up.

    AppSecEngineer™ Certified Application Threat Modeler
    $1499
    Sign up now

    I finally learned how to break down business features into real threats. Abuser stories and STRIDE are now part of every sprint

    Deepa Srinivasan, DevSecOps Engineer

    This bootcamp helped me understand threat modeling deeply. From scoping to DFDs to mitigation, I can now run full sessions on my own.

    Julian Carter, Application Security Engineer

    What stood out was the use of AI. The hands-on labs with LLMs helped me speed up threat analysis without losing accuracy.

    Lin Zhang, Solution Architect

    Story-driven modeling was a game-changer. I can now turn user stories into actionable security insights that devs actually implement.

    Aarav Mehta, QA Engineer

    The course helped me communicate risks clearly to both devs and business (heads). The reporting techniques were extremely useful.

    Sofia Ramirez, Technical Product Manager

    I used to think threat modeling was too complex or theoretical. This workshop proved it can be practical, fast, and part of real workflows.

    Nathan Kim, Software Engineer

    FAQs

    Do I get a certificate?
    Can I use the certificate for CPE credits?
    What if I miss a session?
    Is this beginner-friendly?
    What if I have a question?
    Do I need to install anything?
    Is this just another webinar?

    Can't attend this bootcamp?

    Get informed about future bootcamps!
    Thank you! Your submission has been received!
    Oops! Something went wrong while submitting the form.

    Ready to Elevate Your Security Training?

    Empower your teams with the skills they need to secure your applications and stay ahead of the curve.
    Get Our Newsletter
    Get Started
    X
    X
    About Us
    Privacy Policy


    United States    11166 Fairfax Boulevard, 500, Fairfax, VA 22030

    APAC
    68 Circular Road, #02-01, 049422, Singapore


    For Support write to help@appsecengineer.com

    FOLLOW APPSECENGINEER
    SOC2 Type2 Compliant
    4.3
    Copyright AppSecEngineer © 2025