Overview
Explore the fundamentals of threat modeling in this 49-minute conference talk from BSides Boston 2015. Delve into key concepts including threat definitions, data flow diagrams, and the STRIDE model. Learn how to gather documentation, identify threats, address vulnerabilities, and validate your approach. Understand the differences between threat modeling and risk assessment, and gain insights into elevation of privilege concerns. Discover whether threat modeling is the right approach for your security needs and how to overcome common challenges in implementation.
Syllabus
Introduction
What is threat modeling
Definitions
Gather Documentation
Data Flow Diagram
Identifying Threats
Stride
Elevation of Privilege
Addressing the Threats
Validating
Challenge
Threat Modeling vs Risk Assessment
Threat vs Vulnerability