That security requirements should be taken into account as early as possible in the development process has been clear since well before 2021, when the item “Insecure Design” was newly included in the OWASP Top Ten list at position four. One of the techniques for doing this is Application Threat Modeling. Based on the experience of many threat modeling workshops and inspired by other threat modeling card games, aramido has developed a threat modeling card game specialized for web applications. The presentation will go into the general methodology of threat modeling and explain how card games help to establish a “hacker mindset” in development teams. Afterwards, a selected group of participants will demonstrate their threat modeling skills in practice using a sample application.
Application Threat Modeling explained in a playful way with a card game.
About Maximilian Stauß
Maximilian Stauß works as an information security consultant and advises clients on the introduction of information security management systems, conducts training for employees and administrators, and regularly audits companies on their security level. In his master’s thesis, he worked on the assessment of cyber threats using a graph database.