Explore a comprehensive approach to integrating threat modeling into continuous development processes in this 31-minute conference talk from OWASP Global AppSec Tel Aviv. Learn how to adapt traditionally heavy threat modeling activities to the rapid pace of modern software development. Discover strategies for educating developers, reflecting the evolving state of systems, and developing a methodology that works in real-world product teams. Gain insights from Izar Tarandach, Lead Product Security Architect at Autodesk, as he shares experiences and best practices for implementing continuous threat modeling. Delve into topics such as building a baseline, teaching principles over formulas, creating a handbook, addressing challenges, and drawing valuable conclusions for improving security in fast-paced development environments.
Overview
Syllabus
Introduction
What were we looking for
Building a baseline
Teaching principles not formulas
The handbook
Problems
Conclusion
Taught by
OWASP Foundation
Related Courses
-
Threat Model Every Story - Practical Continuous Threat Modeling Work for Your Team
-
Bringing Rapid Prototyping to the Threat Model Process
-
The Best Flaw Didn't Make It Into Production - Addressing Security Gaps in Development
-
How Online Dating Made Me Better at Threat Modeling
-
The One Where We Threat Model During Development
-
Automating Architectural Risk Analysis with Open Threat Model Format
