Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Threat Model Every Story - Practical Continuous Threat Modeling Work for Your Team

OWASP Foundation via YouTube

Overview

Explore a team-based collaborative and continuous threat modeling methodology in this 49-minute conference talk from AppSecCali 2019. Discover how Autodesk is adapting to the challenges of agile development by moving away from traditional waterfall approaches and integrating threat modeling into the ongoing design process. Learn about the shift in dependency from security SMEs to development teams and gain insights into PyTM, an open-source threat-modeling-as-code support system. Delve into practical approaches for implementing continuous threat modeling, including principles checklists, threat modeling timelines, and reactions from product teams. Gain valuable knowledge on how to effectively integrate security considerations throughout the development lifecycle in fast-paced, agile environments.

Syllabus

Intro
Threat Modeling - what & why
A Threat Modeling (ongoing) personal journey
Did those methods reach the goals?
The Case For Continuous TM
Threat Model Every Story
Handbook and Subject areas
Principles Checklist
Threat Modeling Timeline
Reactions from product teams
Three current practical approaches
PyTM - Elements and Attributes
PyTM - Report template

Taught by

OWASP Foundation

Reviews

Start your review of Threat Model Every Story - Practical Continuous Threat Modeling Work for Your Team

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.