Threat Modelling Stories from the Trenches

Explore real-world threat modeling case studies in this 51-minute LASCON conference talk. Gain insights into the practical application of threat modeling by examining design flaws uncovered in various domains, including online gaming, two-factor authentication, business-to-business, embedded systems, and cloud computing. Participate in an interactive session that focuses on real-world mistakes, reinforcing secure design principles and attack patterns. Learn how to bridge the gap between theory and practice by analyzing anonymized systems and their vulnerabilities. Discover the threat modeling mindset and its effectiveness in identifying software design defects across different scenarios.

Introduction
About me
Methodology
Design Flaws
App Check
What we learned
Stepup Authentication
Authentication Layer
Attack Scenarios
Link between the two
Flow modeling
Responsibilities
Cookies
Passwords
Change
Deployment Scenarios
Playing Well with Others
Do You Prevent This
Lessons