Threat Modeling Made Interactive - Using Poirot for Dynamic Security Analysis

Explore an interactive approach to threat modeling in this conference talk from AppSecUSA 2014. Learn how to identify potential security threats early in the development process and build effective mitigations into your system. Discover Poirot, a tool designed to assist developers in modeling and analyzing system security during the design phase. Understand how Poirot allows you to specify your system and desired security policies, perform automatic analysis to generate potential attacks, and interactively modify the system model to assess the impact of changes. See demonstrations of Poirot applied to web applications, and gain insights into its strengths and limitations. The talk covers the importance of threat modeling, challenges in existing techniques, and how Poirot's dynamic approach and built-in threat database can enhance the modeling process. Delve into topics such as security policy verification, impact assessment of design decisions, and the use of software verification for exhaustive analysis.