Completed
iterative threat modelling ...and repeat
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Iterative Threat Modelling - Security in Agile Development
Automatically move to the next video in the Classroom when playback concludes
- 1 intro
- 2 about jags
- 3 expectations
- 4 threat modelling
- 5 misconceptions about tm
- 6 agile threat modelling
- 7 owasp juice shop
- 8 before starting...
- 9 example: security objective
- 10 what do we want to accomplish? - scoping
- 11 example: scoping
- 12 what are we building? software-centric approach
- 13 example: data flow diagram
- 14 what can go wrong? - evil brainstorming
- 15 methodology. No 'best' way
- 16 spoofed identity
- 17 tampering with input
- 18 repudiation of action
- 19 information disclosure
- 20 denial of service
- 21 elevation of privilege
- 22 example: applying stride
- 23 what are we going to do about it? - prioritize
- 24 example: prioritize
- 25 mitigation
- 26 example: mitigation
- 27 did we do a good job? - reflect...
- 28 iterative threat modelling ...and repeat
- 29 ways of running the workshop
- 30 learn more
- 31 threat modelling in software development lifecycle
- 32 what was the mnemonic again?!?!
- 33 takeaways
