Explore the Rapid Threat Model Prototyping (RTMP) process in this 34-minute OWASP Global AppSec Tel Aviv conference talk. Learn how to accelerate software threat analysis tenfold in fast-paced Agile/DevOps environments. Discover techniques for building security into software design, identifying high-threat areas, and removing flaws before coding begins. Gain insights into just-in-time design processes, automated analysis workflows, and effective threat modeling strategies. Understand the challenges of traditional threat modeling in continuous integration environments and how RTMP addresses these issues. Delve into topics such as security frameworks, mitigations, dataflow diagrams, and mitigation patterns to enhance your approach to software security.
Bringing Rapid Prototyping to the Threat Model Process
Overview
Syllabus
Introduction
Who am I
How projects go nuclear
Visa
What Should Threat Modeling Do
Flaws vs Bugs
Solution Design
Security Framework
Mitigations
Dataflow Diagrams
The Final Sprint
Emergent Design
Open Sam
Rapid Prototype
Rapid Prototyping
Planning
Data Flow Diagram
Project Overview
Elevation of Privilege
Sprint Zero
Example
Defense
Rule of Thumb
Ranking Components
Create
Rules
Zone Math
State Case
Mitigation Patterns
Taught by
OWASP Foundation
