Hands On Threat Modeling Workshop
Presented by: Robert Hurlbut
Threat modeling is a way of thinking about what could go wrong and how to prevent it. Instinctively, we all think this way in regards to our own personal security and safety. When it comes to building software, some software shops either skip the important step of threat modeling in secure software design or, they have tried threat modeling before but haven't quite figured out how to connect the threat models to real world software development and its priorities. Threat modeling should be part of your secure software design process. Using threat modeling and some principals of risk management, you can design software in a way that makes security one of the top goals, along with performance, scalability, reliability, and maintenance.
Objective: In this workshop, attendees will be introduced to Threat Modeling, learn how to conduct a Threat Modeling session, learn how to use practical strategies in finding Threats, learn how find realistic Countermeasures, and learn how to apply Risk Management in dealing with the threats.
This is a hands-on workshop. We will use whiteboards, Threat Modeling card games, look at some of the available Threat Modeling tools - all in order to get familiar with the latest approaches in Threat Modeling.