Automating Architectural Risk Analysis with Open Threat Model Format
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the automation of architectural risk analysis using the Open Threat Model format in this 47-minute OWASP Foundation conference talk by Fraser Scott, VP of Product at IriusRisk. Delve into the challenges of manual security workshops and discover how Infrastructure as Code can streamline the process. Learn about the Open Threat Model (OTM) format and its implementation in DevSecOps workflows. Gain insights into architectural risk analysis, threat modeling, and shifting security left in software development. Examine the differences between software development and manufacturing, and understand the continuous iterative revisionist design approach. Discover practical applications of the OTM format, its key features, and potential use cases through a comprehensive demonstration.
Syllabus
Introduction
What is architecture
What is architectural risk analysis
Insecure design
Threat modelling
Shifting security left
Architecture challenges
Software development vs manufacturing
Software development is art
Continuous iterative revisionist design
Canvas framework
Warding map
Continuous iterative revisionist
Infrastructure as code
Open threat model format
Potential use cases
Open specification
Object attributes
Key differences
Unique Identifiers
Representations
Application Code
Trust Zones
Components
Data Flow
Threats
Mitigations
Component
Demo
Taught by
OWASP Foundation
Related Courses
Web Engineering III: Quality AssuranceTechnische Hochschule Mittelhessen via iversity Introduction to Cloud Infrastructure Technologies
Linux Foundation via edX DevOps for Developers: How to Get Started
Microsoft via edX Accelerate Software Delivery using DevOps
Microsoft via edX Building R Packages
Johns Hopkins University via Coursera