This workshop is designed for all professionals, not just AWS experts. We'll start with a common application architecture diagram and evolve it to a corresponding AWS architecture, integrating AWS resources and network components like VPC, EC2, and serverless technologies. Participants will receive prepared lists of common threats and mitigations, including a general threat list and an AWS-specific threat list. Each threat will be mapped to one of the STRIDE categories for comprehensive analysis.

Agenda:

- Examine the Architecture: Begin with a standard application architecture and transition to an AWS-specific diagram, incorporating AWS resources and network elements.

- Interactive Threat Identification: Engage in an interactive discussion to investigate the architecture, identifying threats based on pre-prepared lists and evaluating each component or process flow using checklists.

- Draw Trust Boundaries: Analyze and draw trust boundaries around different components or process flows, determining potential threats and their implications.

Join us to enhance your threat modeling skills through a hands-on approach, applicable to both general and AWS-specific architectures. Gain practical experience in identifying and mitigating threats, and leave with actionable insights for your own threat modeling practices.