Overview
Syllabus
Introduction
What do you do
How do we know
There is no free lunch
Flaws and bugs
Benefits of threat modeling
A quote from a participant
Threat modeling
When to do threat modeling
How to do threat modeling
S scoping
Models are wrong
Generic documentation
granularity
data flow diagrams
data movement
identifying threats
rating threat boundaries
focusing on flaws
finding threats
spoofing
tampering
integrity
information disclosure
denial of service
elevation of privilege
external entities
resources
threat modeling tool
rating threats
mitigations
Summary
Recommendation
Taught by
NDC Conferences