Incremental Threat Modeling

Offered By: OWASP Foundation via YouTube

Course Description

Overview

This 44-minute conference talk from AppSec EU 2017 presents an efficient technique for introducing threat modeling into ongoing, complex projects without a significant initial time investment. Learn about incremental threat modeling, starting with a brief overview of traditional threat modeling concepts such as Data Flow Diagrams and STRIDE. Discover how to apply this approach using a simple architecture example, identify relevant threats, and address potential security issues. Understand the caveats of this method, including handling deviations from the original design, and recognize the importance of eventually building a comprehensive security picture. Gain valuable insights into integrating security practices into existing development processes without an overwhelming time commitment.

Syllabus

Intro
Threat modelling - reminder
Data Flow Diagrams
STRIDE
Introducing our example
A very simple architecture
Now pretend to forget it
Last step
Relevant Threats
How to make them go away
Caveats
What if implementation deviates from design?
Looks familiar?
This does not work in security!
Eventually need the whole picture
Eventually is better than upfront
Conclusion
Points of contact


Taught by

OWASP Foundation
