Fixing Broken Enterprise Threat Models with OWASP Efforts - Commissioning AppSec Professionals for Real Change
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore a keynote address from AppSecUSA 2017 that challenges the status quo of enterprise threat modeling and proposes innovative solutions using OWASP projects. Discover how Tony UcedaVelez, CEO of VerSprite, advocates for a paradigm shift in security practices, moving away from compliance-driven approaches and ineffective threat intelligence. Learn about the concept of an OWASP security mesh and how it can revolutionize security programs in organizations of all sizes. Gain insights into addressing undefined attack surfaces, risk distortions, and the overreliance on controls. Understand how key OWASP projects can empower even small security teams to make significant, measurable impacts on their organizations' security posture. Delve into topics such as the risk dilemma, threat modeling processes, IoT context, threat landscapes, and the integration of security roles and projects. Conclude with a call to action for AppSec professionals to drive real change in their respective security programs and companies.
Syllabus
Introduction
Risk Dilemmas
Threat Modeling Process
IoT
Context
Common denominator
Threat model stories
Funneling context
Threat landscape
Missing deliverables
Roles
Integration
Projects
Blinding threat modeling
Cisco Project
Web Testing Framework
Model Security Rule
Besom
Taught by
OWASP Foundation
Related Courses
Information Security Management - Higher School of Economics via Coursera
Planning a Security Incident Response - Microsoft via edX
Identifying Security Vulnerabilities - University of California, Davis via Coursera
Secure Coding Practices - University of California, Davis via Coursera
Atlas Security - MongoDB University