Incremental Threat Modeling
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore an efficient technique for implementing threat modeling in ongoing complex projects without a significant initial time investment in this 44-minute conference talk from AppSec EU 2017. Learn about incremental threat modeling, starting with a brief overview of traditional threat modeling concepts such as Data Flow Diagrams and STRIDE. Discover how to apply this approach using a simple architecture example, identify relevant threats, and address potential security issues. Understand the caveats of this method, including handling deviations from the original design, and recognize the importance of eventually building a comprehensive security picture. Gain valuable insights into integrating security practices into existing development processes without overwhelming time constraints.
Syllabus
Intro
Threat modelling - reminder
Data Flow Diagrams
STRIDE
Introducing our example
A very simple architecture
Now pretend to forget it
Last step
Relevant Threats
How to make them go away
Caveats
What if implementation deviates from design?
Looks familiar?
This does not work in security!
Eventually need the whole picture
Eventually is better than upfront
Conclusion
Points of contact
Taught by
OWASP Foundation
Related Courses
Building Geospatial Apps on Postgres, PostGIS, & Citus at Large ScaleMicrosoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube