Syllabus
intro
about jags
expectations
threat modelling
misconceptions about threat modelling
agile threat modelling
owasp juice shop
before starting...
example: security objective
what do we want to accomplish? - scoping
example: scoping
what are we building? software-centric approach
example: data flow diagram
what can go wrong? - evil brainstorming
methodology. No 'best' way
spoofed identity
tampering with input
repudiation of action
information disclosure
denial of service
elevation of privilege
example: applying stride
what are we going to do about it? - prioritize
example: prioritize
mitigation
example: mitigation
did we do a good job? - reflect...
iterative threat modelling ...and repeat
ways of running the workshop
learn more
threat modelling in software development lifecycle
what was the mnemonic again?!?!
takeaways
Taught by
Conf42