Threat Modeling - A Brief History and the Unified Approach at Intuit

OWASP Foundation via YouTube

Overview

Explore the evolution and unified approach of threat modeling at Intuit in this 40-minute conference talk from AppSecEU 2014. Gain insights into the software design analysis method that identifies security weaknesses by comparing software design views against potential attackers. Learn about Intuit's journey from STRIDE-based methodology to the Unified Threat Modeling approach, developed in collaboration with Cigital. Discover how this new method addresses previous drawbacks, including time constraints and difficulty in modeling various threat agents. Understand the key components of Unified Threat Modeling, such as asset identification, attacker profiling, and control documentation. Examine the application of this approach to both software architecture and system deployments through System Threat Modeling and Protocol Threat Modeling techniques. Benefit from the expertise of speakers Scott Matsumoto, Principal Consultant at Cigital, and Tin Zaw, Staff Software Engineer at Intuit, as they share their experiences and insights on improving software security through effective threat modeling practices.

Syllabus

Introduction
Agenda
Background
Program Elements
Threat Modeling Approach
System Diagram
System Model
Simplified Model
Common Language
Threat Table
Classroom
Challenges
Flaws
Protocol Threat Modeling
Next Steps
Training
Threat actors
Metrics

Taught by

OWASP Foundation
