Cloudy with a chance of threat models
Introducing the OWASP Cloud Security project. Borne out of the awesome OWASP Summit 2017, this project aims to help organisations get started with understanding the types of threats they may face when running services in the cloud by providing easy to use and adaptable threat models. But knowing the threats is only half the battle, so the project also provides mitigations in the form of BDD stories. This talk covers the threat modelling process, some of the interesting findings, looks at using BDD for cloud security and even includes a few sneaky tools.