Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Incremental Threat Modeling

OWASP Foundation via YouTube

Overview

Explore an efficient technique for implementing threat modeling in ongoing complex projects without a significant initial time investment in this 44-minute conference talk from AppSec EU 2017. Learn about incremental threat modeling, starting with a brief overview of traditional threat modeling concepts such as Data Flow Diagrams and STRIDE. Discover how to apply this approach using a simple architecture example, identify relevant threats, and address potential security issues. Understand the caveats of this method, including handling deviations from the original design, and recognize the importance of eventually building a comprehensive security picture. Gain valuable insights into integrating security practices into existing development processes without overwhelming time constraints.

Syllabus

Intro
Threat modelling - reminder
Data Flow Diagrams
STRIDE
Introducing our example
A very simple architecture
Now pretend to forget it
Last step
Relevant Threats
How to make them go away
Caveats
What if implementation deviates from design?
Looks familiar?
This does not work in security!
Eventually need the whole picture
Eventually is better than upfront
Conclusion
Points of contact

Taught by

OWASP Foundation

Reviews

Start your review of Incremental Threat Modeling

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.