Explore the automation of architectural risk analysis using the Open Threat Model format in this 47-minute OWASP Foundation conference talk by Fraser Scott, VP of Product at IriusRisk. Delve into the challenges of manual security workshops and discover how Infrastructure as Code can streamline the process. Learn about the Open Threat Model (OTM) format and its implementation in DevSecOps workflows. Gain insights into architectural risk analysis, threat modeling, and shifting security left in software development. Examine the differences between software development and manufacturing, and understand the continuous iterative revisionist design approach. Discover practical applications of the OTM format, its key features, and potential use cases through a comprehensive demonstration.
Automating Architectural Risk Analysis with Open Threat Model Format
Overview
Syllabus
Introduction
What is architecture
What is architectural risk analysis
Insecure design
Threat modelling
Shifting security left
Architecture challenges
Software development vs manufacturing
Software development is art
Continuous iterative revisionist design
Canvas framework
Warding map
Continuous iterative revisionist
Infrastructure as code
Open threat model format
Potential use cases
Open specification
Object attributes
Key differences
Unique Identifiers
Representations
Application Code
Trust Zones
Components
Data Flow
Threats
Mitigations
Component
Demo
Taught by
OWASP Foundation
Related Courses
-
DevSecOps Fundamentals
-
Evolving Threat Modeling Through the Open Threat Model Format
-
Practical Threat Modeling for Real-World and Cloud Situations in Hybrid Work Environments
-
Application Threat Modeling Implementation Tips and Tricks
-
Unlocking Threat Modeling - Participatory Session on Security Architecture Assessment
-
An Agile Approach to Threat Modeling for Securing Open Source Projects - EdgeX Foundry Case Study
