Value driven threat modeling

DevSecCon Tel Aviv 2018 speaker
07 May 2018
16:15 - 16:50
Convention Hall A4

Value driven threat modeling

Threat Modeling is a great method to identify potential security weaknesses, and is an important part of any secure design. A threat model can help analyze how to best protect your assets, prevent attacks, harden your systems, and efficiently prioritize security investment. Regardless of programming language, threat modeling provides a far greater return than most any other security technique in the development process. Therefore, threat modeling should be an early priority in application design process. Unfortunately, it is common knowledge that building a full threat model is always heavily resource intensive, requires a full team of expensive security professionals, takes up far too much developer time, and does not scale at all.

But the common knowledge is wrong! In fact, this is not at all necessary, and should not be an excuse to avoid building a robust system. Using a value-driven approach, skilled development teams can very efficiently ensure that the features they build can protect themselves, the application, and the business value that the features were created for. Value Driven Threat Modeling offers an alternative to top-heavy, big-model-up-front threat modeling, in favor of agility, speed, and developer independence.

This talk will describe Value Driven Threat Modeling, and show how to incorporate it into your existing agile methodologies. We will discuss how developers can efficiently produce and leverage a threat model to improve application development, and walkthrough some example scenarios.

This website uses cookies to ensure you get the best experience on our website More info

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Got it!" below then you are consenting to this.