Intermediate

Threat Modeling for Web APIs

STRIDE-style modeling workshops that connect abuse cases to API routes, scopes, and rate limits.


Overview

You diagram realistic payment and identity flows, annotate trust boundaries, and translate findings into Jira-ready tickets. Includes a bilingual glossary for shared teams across Kyoto and remote EU partners.

Duration: 4 weeks · 26 hours · Format: Hybrid workshops · Language: English · Certificate: Included

Price (informational): ¥72,000

What is included

  • Template pack for Mermaid and Excalidraw diagrams
  • Sample abuse cases for OAuth2 and mTLS hybrids
  • Workshop recordings with chapter markers
  • Facilitator notes for internal brown bags
  • Checklist for third-party webhook integrations
  • Office hours for async learners in JST evenings

Outcomes

  • Deliver a threat model packet for one production API
  • Prioritize mitigations with business-readable rationale
  • Facilitate a 60-minute modeling session with peers

Lead mentor

Leo Andersson

API architect turned instructor; coaches teams on turning diagrams into shipped controls.

FAQ

Yes, we encourage mixed tables; engineers lead technical depth while PMs capture business risks.

Experience notes

Our webhook abuse cases were embarrassingly thin before week two — the facilitator pushed us to quantify blast radius.

Rina

The bilingual glossary saved our mixed JP/EU squad hours every retro.

Omar · Staff engineer · Payments startup · 4/5 · Google
