Threat Modelling Stories from the Trenches
Offered By: LASCON via YouTube
Course Description
Overview
Explore real-world threat modeling case studies in this 51-minute LASCON conference talk. Gain insights into the practical application of threat modeling by examining design flaws uncovered in various domains, including online gaming, two-factor authentication, business-to-business, embedded systems, and cloud computing. Participate in an interactive session that focuses on real-world mistakes, reinforcing secure design principles and attack patterns. Learn how to bridge the gap between theory and practice by analyzing anonymized systems and their vulnerabilities. Discover the threat modeling mindset and its effectiveness in identifying software design defects across different scenarios.
Syllabus
Introduction
About me
Methodology
Design Flaws
App Check
What we learned
Stepup Authentication
Authentication Layer
Attack Scenarios
Link between the two
Flow modeling
Responsibilities
Cookies
Passwords
Change
Deployment Scenarios
Playing Well with Others
Do You Prevent This
Lessons
Taught by
LASCON
Related Courses
Comparing WAF and RASP - Why?LASCON via YouTube API Security - Is it the New Application Attack Surface and How to Secure at Enterprise Scale
LASCON via YouTube Privacy Impact Assessments - How Much Privacy Is Enough?
LASCON via YouTube Your Frontier Defense - Understanding Web Application Firewalls
LASCON via YouTube Doing This One Crazy Thing Will Change Your AppSec Program Forever
LASCON via YouTube