Learn threat modeling techniques to identify security weaknesses in system design through this comprehensive conference talk. Discover why 50% of security issues stem from design problems and how threat modeling can help uncover vulnerabilities that automated tools miss. Explore the process of analyzing systems, identifying missing security controls, and recognizing potential threats. Gain insights into when and how to perform threat modeling, including scoping, creating data flow diagrams, and rating threats. Master strategies for finding and mitigating various types of threats such as spoofing, tampering, and denial of service. Apply these valuable skills to enhance the security of your systems and prevent design-related vulnerabilities.
Overview
Syllabus
Introduction
What do you do
How do we know
There is no free lunch
Flaws and bugs
Benefits of threat modeling
A quote from a participant
Threat modeling
When to do threat modeling
How to do threat modeling
S scoping
Models are wrong
Generic documentation
granularity
data flow diagrams
data movement
identifying threats
rating threat boundaries
focusing on flaws
finding threats
spoofing
tampering
integrity
information disclosure
denial of service
elevation of privilege
external entities
resources
threat modeling tool
rating threats
mitigations
Summary
Recommendation
Taught by
NDC Conferences
