Topics of Interest - Agile Threat Modeling with Open-Source Tools

OWASP Foundation via YouTube

Overview

Explore agile threat modeling techniques using open-source tools in this 30-minute OWASP Foundation talk. Learn how to capture the risk landscape of agile projects efficiently and maintain a living threat model with the Threagile toolkit. Discover the benefits of "Threat-Model-as-Code" in DevSecOps, enabling continuous risk assessment as the project evolves. Gain insights into using Threagile's command-line tool or its server with a REST API to process YAML input files, execute over 40 built-in risk rules, and generate diagrams, reports, and mitigation recommendations. Understand how to integrate threat modeling seamlessly into agile development processes, create and edit models in developer IDEs, and leverage features such as model macros, GitHub integration, and custom risk rules. Delve into topics such as STRIDE classification, relative attacker attractiveness, data breach probabilities, and risk tracking within YAML files.

Syllabus

Intro
Threat Models as Code?
Benefits of Code
Drawbacks of Code
Threagile - Agile Threat Modeling Toolkit
First Steps with Threagile: create either a minimal stub model or a filled example model
Example Model: Data Assets
Example Model: Communication Links
Example Model: Trust Boundaries
Execute a Threagile Run: processes the YAML model file
Model Graph Generation (Data Flows)
PDF & Excel Report Generation
STRIDE Classification of Risks
Assignment by Function
Relative Attacker Attractiveness (RAA)
Data Breach Probabilities (DBP)
Risk Mitigation Recommendations
Risk Instances by Vulnerability & by Technical Asset
Detail Results as JSON
Risk Rules: 40 and constantly growing
Custom Risk Rules (plugin interface)
Editing Support in IDEs: schema for YAML input available, enabling syntax validation, error flagging & auto-completion
Risk Tracking inside YAML file by Risk-1
What About Bigger Models?
Model Macros: interactive wizards that read existing models and modify/enhance them
GitHub Integration (as workflow action)
Possible Effects
Upcoming Features currently in development

Taught by

OWASP Foundation
