Here is the course description:
The workshop will simulate a real-world Threat Modeling session, with (ideally) the target being a application currently maintained by some (or all) of the attending delegates. A very common outcome is that new high-risk vulnerabilities are discovered during the course (the backup plan is to use vulnerable-by-design demo applications, but the learning impact is not the same as when the delegates see real-world vulnerabilities in their applications). Although secure coding is a large part of the course, there will be the opportunity to learn and write exploits around multiple OWASP Top 10 vulnerabilities (like XSS, CSRF, SQL Injection or Indirect Object Reference).
Delegates should come in with an open mind to structure, as many of the topics below will be exposed and discussed in the context of sites and applications being analysed, rather than in the strict sequence below. As time available is short, it may not be possible to cover all topics. Therefore delegates are encouraged to dictate priorities to the instructor at the start of the workshop.