Overview
Explore the fundamentals of threat modeling in software development through this 49-minute conference talk from APPSEC Cali 2018. Delve into the essential components of effective threat modeling, including structuring potential attacks, identifying bad actors, and implementing countermeasures. Learn how to apply these concepts using a cryptocurrency ecosystem as a practical example. Gain insights from Jonathan Marcil, an Application Security Engineer at Twitch, as he shares his expertise in architecture analysis, code review, and security tool evaluation. Discover the importance of early security analysis in the development process and how threat modeling can improve communication within teams. Examine various tools and techniques, such as DFG diagrams, flow diagrams, and attack trees, to enhance your threat modeling skills. Benefit from Marcil's extensive experience in Information Technology and Security as you explore this crucial aspect of application security.
Syllabus
Introduction
Background
Threat Modeling Experience
What is Threat Modeling
Train Intelligence
Why do Threat Modeling
Lack of Communication
Communication
Tools
DFG Diagram
Not an architectural document
Flow diagram
Mobile app
Electron Wallet
Exchange
Blockchain Integration
Extended Set
Domain Real Life
Graph
Labels
Errors
Target Visuals
JSONRPC Vulnerability
Note
Security Control Checklist
Questions
Architecture
Attack Tree
Spy
Privacy
Balance
WebEx
Whiteboard
Plans UML
Parse
Conclusion
Modeling Panels
Taught by
OWASP Foundation