Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Value Driven Threat Modeling

OWASP Foundation via YouTube

Overview

Explore value-driven threat modeling techniques to efficiently embed secure design into product development from the start. Learn how development teams can protect applications and business value without extensive resources or time investment. Discover an agile approach to threat modeling that integrates with existing development cycles, minimizing risk and lowering security costs. Walk through example scenarios, understand how to incorporate this methodology into agile processes, and see how security professionals can productively participate in development by leveraging developers' habits. Gain insights from Avi Douglen, a seasoned software security consultant, as he presents at AppSecUSA 2018, covering topics such as STRIDE, attack trees, PASTA, and the OWASP Juice Shop project.

Syllabus

Intro
Summary
About Me
Classic Methodologies
STRIDE Per-Element
Attack Trees
P.A.S.T.A
Documentation?
Back to Basics
Reframing TM
Scope
For each feature: Find the value
Workflow
OWASP Juice Shop
Definition of Done
Acceptance Criteria
Security Unit Tests
Abuser Stories
Updated User Story Format
Threat Pyramid
Story Points Relative estimate of effort
Communication
Benefits over Classic TM
Limitations

Taught by

OWASP Foundation

Reviews

Start your review of Value Driven Threat Modeling

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.