Threat Model Every Story - Practical Continuous Threat Modeling Work for Your Team
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore a team-based collaborative and continuous threat modeling methodology in this 49-minute conference talk from AppSecCali 2019. Discover how Autodesk is adapting to the challenges of agile development by moving away from traditional waterfall approaches and integrating threat modeling into the ongoing design process. Learn about the shift in dependency from security SMEs to development teams and gain insights into PyTM, an open-source threat-modeling-as-code support system. Delve into practical approaches for implementing continuous threat modeling, including principles checklists, threat modeling timelines, and reactions from product teams. Gain valuable knowledge on how to effectively integrate security considerations throughout the development lifecycle in fast-paced, agile environments.
Syllabus
Intro
Threat Modeling - what & why
A Threat Modeling (ongoing) personal journey
Did those methods reach the goals?
The Case For Continuous TM
Threat Model Every Story
Handbook and Subject areas
Principles Checklist
Threat Modeling Timeline
Reactions from product teams
Three current practical approaches
PyTM - Elements and Attributes
PyTM - Report template
Taught by
OWASP Foundation
Related Courses
Desarrollo y Diseño de Videojuegos: Proyecto finalUniversidad de los Andes via Coursera Web Application Development: Basic Concepts
University of New Mexico via Coursera Agile Development in Practice (Project-centered Course)
University of Virginia via Coursera 软件工程
Peking University via Coursera Software Engineering: Introduction
The University of British Columbia via edX