Overview
Explore a team-based collaborative and continuous threat modeling methodology in this 49-minute conference talk from AppSecCali 2019. Discover how Autodesk is adapting to the challenges of agile development by moving away from traditional waterfall approaches and integrating threat modeling into the ongoing design process. Learn about the shift in dependency from security SMEs to development teams and gain insights into PyTM, an open-source threat-modeling-as-code support system. Delve into practical approaches for implementing continuous threat modeling, including principles checklists, threat modeling timelines, and reactions from product teams. Gain valuable knowledge on how to effectively integrate security considerations throughout the development lifecycle in fast-paced, agile environments.
Syllabus
Intro
Threat Modeling - what & why
A Threat Modeling (ongoing) personal journey
Did those methods reach the goals?
The Case For Continuous TM
Threat Model Every Story
Handbook and Subject areas
Principles Checklist
Threat Modeling Timeline
Reactions from product teams
Three current practical approaches
PyTM - Elements and Attributes
PyTM - Report template
Taught by
OWASP Foundation