Learn practical threat modeling techniques using Microsoft's Threat Modeling Tool 2016 in this 44-minute conference talk from AppSecEU 2016 in Rome. Explore the fundamentals of threat modeling, risk assessment, and identification while gaining hands-on experience with data flow-based threat modeling. Discover how to leverage tools, templates, and stencils to enhance your threat modeling process, and understand the importance of properties, complexity, and countermeasures in assessing risks. Gain insights into managing bigger threats, improving modeling speed, and importing templates to streamline your security analysis workflow.
Practical Threat Modeling with Microsoft's Threat Modeling Tool 2016
Overview
Syllabus
Introduction
Starting motivation
Threat modeling
Risk assessment
Identification
Tools
Threat Modeling Tools
Data Flow Based Threat Modeling
Demo
Bigger threats
Properties
Stencil
Data Flow
Stencils
Thread Models
Template
Speed
Complexity
Countermeasures
Risk
Diversion
Strikes
Import template
Taught by
OWASP Foundation
