Overview
Syllabus
Robert Hurlbut
Secure Software Design
What is threat modeling?
Threat modeling helps ...
Where does threat modeling fit?
Definitions
Typical Threat Modeling Session
Simple Tools
Simple Threat Model - One Page
Threat Model Sample Worksheet
Review Security Principles
IEEE Computer Society's Center for Secure Design Take a look at
Threat Modeling Process
Draw your picture
Understand the system
STRIDE Framework – Data Flow Threat
OWASP Cornucopia
Identify Threats - Functional
Identify Threats - Ask Questions
One of the best questions ...
Scenario - Configuration Management
Determine mitigations and risks
Risk Rating - Ease of Exploitation
Risk Rating - Business Impact
Example - Medium Risk Threat
Follow through
Your challenge
Resources - Tools
Questions?