Security Requirements and Threat Assessment

We all want to build security into our applications from the very beginning. Sometimes however it can be tricky to know how to identify and plan for security requirements.

Our full-day workshop provides an engaging and practical way to learn how to identify security requirements in user stories and carry out threat assessments of software systems as you build them. Using hands on exercises, simulations and debate - participants will learn how to spot threat and how to choose remediation activities in a safe environment.

This course supports PCI compliance requirements and a wide range of roles and technical abilities are encouraged to attend.



This course will cover the following:

  • Introductions

  • Security fundamentals for design and architecture

  • Security requirements capture and stories

  • Threat assessment with STRIDE

  • Attack Trees and mitigation prioritisation

  • Questions and required followup actions

This course is designed to be hands on and interactive. Lecture material is combined with a range of custom built exercises to test students and let them experiment with the techniques discussed in this course.


1 day (08:30 - 16:30)




All roles (including Analysts, Developers, Testers, Architects and Security)

Price per person

$600 (excluding GST)