Threat Model Every Story - Practical Continuous Threat Modeling Work for Your Team

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses, Software Development Courses, Risk Management Courses, Agile Development Courses, Threat Modeling Courses

Course Description

Overview

Explore a team-based collaborative and continuous threat modeling methodology in this 49-minute conference talk from AppSecCali 2019. Discover how Autodesk is adapting to the challenges of agile development by moving away from traditional waterfall approaches and integrating threat modeling into the ongoing design process. Learn about the shift in dependency from security SMEs to development teams and gain insights into PyTM, an open-source threat-modeling-as-code support system. Delve into practical approaches for implementing continuous threat modeling, including principles checklists, threat modeling timelines, and reactions from product teams. Gain valuable knowledge on how to effectively integrate security considerations throughout the development lifecycle in fast-paced, agile environments.

Syllabus

Intro
Threat Modeling - what & why
A Threat Modeling (ongoing) personal journey
Did those methods reach the goals?
The Case For Continuous TM
Threat Model Every Story
Handbook and Subject areas
Principles Checklist
Threat Modeling Timeline
Reactions from product teams
Three current practical approaches
PyTM - Elements and Attributes
PyTM - Report template


Taught by

OWASP Foundation
