Threat Modeling Workshop

Robert Hurlbut - Software Security Consultant
11 Sep 2017
14:00 - 18:00
LOGAN ROOM

Threat Modeling Workshop

Threat modeling is a way of thinking about what could go wrong and how to prevent it. Instinctively, we all think this way in regards to our own personal security and safety. When it comes to building software, some teams either skip the important step of threat modeling in secure software design or, they have tried threat modeling before but haven’t quite figured out how to connect the threat models to real world software development and its priorities. Threat modeling should be part of your secure software design process. Using threat modeling and some principals of risk management, you can design software in a way that makes security one of the top goals, along with performance, scalability, reliability, and maintenance.

In this workshop, attendees will learn about Threat Modeling through understanding concepts and hands-on demos:

  • Introduction to Threat Modeling, including how to conduct a typical Threat Modeling session
  • Understand practical strategies in finding Threats,
  • Determine proper Mitigations, and how to apply Risk Management with the Mitigations
  • Hands-on demo of one or two Real World Threat Modeling case studies
  • Hands-on demos of the Microsoft Threat Modeling Tool 2016 and OWASP Threat Dragon

Attendee requirements:

  • Windows laptop or virtual machine with Microsoft Threat Modeling Tool 2016 installed (highly recommended, but not required)
  • GitHub account in order to use OWASP Threat Dragon