Submit to your local DSC chapter CFPSubmit now!

DSC Germany

Application Threat Modeling explained in a playful way with a card game.

with Maximilian Stauß


It is not only since 2021 that the item “Insecure Design” was newly included in the OWASP top ten list at position four that it is clear that security requirements should be taken into account as early as possible in the development process. One of the techniques to do this is Application Threat Modeling. Based on the experience of many threat modeling workshops and inspired by other threat modeling card games, aramido has developed a threat modeling card game specialized for web applications. The presentation will go into the general methodology of threat modeling and explain how card games help to establish a “hacker mindset” in development teams. Afterwards, a selected group of participants will demonstrate their threat modeling skills in practice using a sample application.


Maximilian Stauß

Information Security Consultant at Aramido

About Maximilian Stauß

Maximilian Stauß works as an information security consultant and advises clients on the introduction of information security management systems, conducts training for employees and administrators, and regularly audits companies on their security level. In his master’s thesis, he worked on the assessment of cyber threats using a graph database.

We use cookies to ensure you get the best experience on our website.Read Privacy Policy