Value Driven Threat Modeling

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses, Application Security Courses, Threat Modeling Courses

Course Description

Overview

Explore value-driven threat modeling techniques to efficiently embed secure design into product development from the start. Learn how development teams can protect applications and business value without extensive resources or time investment. Discover an agile approach to threat modeling that integrates with existing development cycles, minimizing risk and lowering security costs. Walk through example scenarios, understand how to incorporate this methodology into agile processes, and see how security professionals can productively participate in development by leveraging developers' habits. Gain insights from Avi Douglen, a seasoned software security consultant, as he presents at AppSecUSA 2018, covering topics such as STRIDE, attack trees, PASTA, and the OWASP Juice Shop project.

Syllabus

Intro
Summary
About Me
Classic Methodologies
STRIDE Per-Element
Attack Trees
P.A.S.T.A
Documentation?
Back to Basics
Reframing TM
Scope
For each feature: Find the value
Workflow
OWASP Juice Shop
Definition of Done
Acceptance Criteria
Security Unit Tests
Abuser Stories
Updated User Story Format
Threat Pyramid
Story Points: Relative estimate of effort
Communication
Benefits over Classic TM
Limitations


Taught by

OWASP Foundation
