Dive into a participatory conference talk from AppSec California 2016 that demystifies threat modeling. Explore the essential aspects of security assessment in system development, including risk evaluation, architectural decomposition, and appropriate architectural views. Engage with Distinguished Engineer Brook Schoenfield as he unravels the complexities of threat modeling, transforming it from a "black art" into an accessible practice. Gain insights into secure software development, security architecture, and the importance of context in threat assessment. Learn about various architectural components, message flows, and threat matrices while understanding the significance of business intelligence and identity services in the process. Discover how to approach input validation and configuration in the context of threat modeling for e-commerce and extranet systems.
Unlocking Threat Modeling - Participatory Session on Security Architecture Assessment
Overview
Syllabus
Introduction
Show me the money
Disclaimer
Expectations
Participatory
Design problem
Requirements
Mindshare
Architecture
Threat Modeling
Secure Software
Security Architecture
One hundred percent certainty
Context
Whats already in place
Data sensitivity
Top secret
No book of answers
Architectures
Architecture Cold Call
Application Server
Browser Protection
Configuration
App
Targets
Employee Net
Message Flow
Organization Purpose
Access
The Architecture
Ecommerce
Extranet
Process
Threat Matrix
Systems Objectives
Risk
Business Intelligence
Input Validation
Identity Services
Taught by
OWASP Foundation
