Overview
Explore a comprehensive approach to integrating threat modeling into continuous development processes in this 31-minute conference talk from OWASP Global AppSec Tel Aviv. Learn how to adapt traditionally heavy threat modeling activities to the rapid pace of modern software development. Discover strategies for educating developers, reflecting the evolving state of systems, and developing a methodology that works in real-world product teams. Gain insights from Izar Tarandach, Lead Product Security Architect at Autodesk, as he shares experiences and best practices for implementing continuous threat modeling. Delve into topics such as building a baseline, teaching principles over formulas, creating a handbook, addressing challenges, and drawing valuable conclusions for improving security in fast-paced development environments.
Syllabus
Introduction
What were we looking for
Building a baseline
Teaching principles not formulas
The handbook
Problems
Conclusion
Taught by
OWASP Foundation