Iterative Threat Modelling - Security in Agile Development

Iterative Threat Modelling - Security in Agile Development

Conf42 via YouTube Direct link

elevation of privilege

21 of 33

21 of 33

elevation of privilege

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Iterative Threat Modelling - Security in Agile Development

Automatically move to the next video in the Classroom when playback concludes

  1. 1 intro
  2. 2 about jags
  3. 3 expectations
  4. 4 threat modelling
  5. 5 misconceptions about tm
  6. 6 agile threat modelling
  7. 7 owasp juice shop
  8. 8 before starting...
  9. 9 example: security objective
  10. 10 what do we want to accomplish? - scoping
  11. 11 example: scoping
  12. 12 what are we building? software-centric approach
  13. 13 example: data flow diagram
  14. 14 what can go wrong? - evil brainstorming
  15. 15 methodology. No 'best' way
  16. 16 spoofed identity
  17. 17 tampering with input
  18. 18 repudiation of action
  19. 19 information disclosure
  20. 20 denial of service
  21. 21 elevation of privilege
  22. 22 example: applying stride
  23. 23 what are we going to do about it? - prioritize
  24. 24 example: prioritize
  25. 25 mitigation
  26. 26 example: mitigation
  27. 27 did we do a good job? - reflect...
  28. 28 iterative threat modelling ...and repeat
  29. 29 ways of running the workshop
  30. 30 learn more
  31. 31 threat modelling in software development lifecycle
  32. 32 what was the mnemonic again?!?!
  33. 33 takeaways

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.