Threat Modeling (Uncover Vulnerabilities Without Looking At Code)
By Chris Romeo | 54 Min Video
In this high-level threat modeling talk, we will share an approach for analyzing the security of an application. Threat modeling is a learned security skill where developers find security issues and mitigate the problems before writing a single line of code. Threat modeling consists of drawing a simple data flow diagram, analyzing the design for security threats using STRIDE, and mitigating any issues found. We will also survey available threat modeling tools that participants could use within their organizations to perform threat modeling.
This session introduces the topic by answering what, why, and how. It walks through a sample threat model to expose the process and surveys the available tools to perform threat modeling.
Chris Romeo is CEO and co-founder of Security Journey and is a builder of security culture influencing education. His passion is to bring security culture change to all organizations, large and small, by providing gamified security programs. Chris is a highly rated industry speaker and trainer, featured at RSA Conference, OWASP Global AppSec, and ISC2 Security Congress. Chris was the Chief Security Advocate at Cisco for five years, where he empowered engineers to shift security left in all products and led Cisco’s security belt program (Cisco Security Ninja). Chris has twenty-three years of security experience, holding positions across the gamut, including application security, security engineering, and incident response. Chris holds the CISSP and CSSLP certifications.