Threat Modeling With Architectural Risk Patterns
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore threat modeling with architectural risk patterns in this AppSecUSA 2016 conference talk. Learn about a software-centric approach that uses risk patterns to increase efficiency and consistency in threat modeling. Discover how this method can be implemented through tooling to automatically generate threat models based on architectural decisions. Understand the application of object-oriented software design principles like inheritance and method overloading to maintain and extend pattern contents. Gain insights into extracting expertise from software security experts for reusable threat modeling knowledge within organizations. The talk covers topics such as the challenges of manual threat modeling, scaling the process in enterprise environments, and addressing the lack of security skills in smaller companies. Delve into incremental improvements in risk pattern usage, from simple checklists to flexible rules engines, and learn how this approach can support security in the software development lifecycle.
Syllabus
Introduction
Who does threat modeling
Why not threat modeling
AppSec 6 study
DevOps
Threat Modeling
The Easy Stuff
Conscious Compromise
Template
OSVS
Risk Rating
Problems
Components
Users Perspective
Threat Models
countermeasures
Authentication
Generic Patterns
SSH Service
Building a Library
Inheritance System
Two Problems
Solutions
Rules Engine
Shortcut
Advantages
SD Elements
Taught by
OWASP Foundation
Related Courses
Building Geospatial Apps on Postgres, PostGIS, & Citus at Large ScaleMicrosoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube