Overview
This talk introduced a framework developed by Edouard Stoka and his team to compare state-of-the-art threat modeling tools as part of a previous RFP process. The team created the framework to analyze how well different threat modeling tools detect vulnerabilities that dozens of trained teams had previously identified through classic STRIDE-LM. The talk also highlighted the type and percentage of vulnerabilities that cannot be identified by tools.
About the speaker
Edouard Stoka is an expert in application security architecture, governance and threat modeling. He is currently a senior application security architect at ADP, responsible for providing consulting services to Product Development teams (covering architecture design reviews, SDLC and secure coding best practices) and for supporting the Secure by Design program by delivering Threat Modeling training and assistance. Edouard started his career in consulting firms as an IT Engineer and Project Manager for clients including HSBC and British Petroleum. In 2008, he joined BNP Paribas Bank as Application Architect and Project Manager with a focus on banking dematerialization solutions (digital marketing, payment systems, online banking, Lyf Pay and PayPal integration), covering architecture design, regulatory requirements (including data privacy), application security, and large project management.
Edouard has an Information Technology Engineer degree and a Specialized Master's degree in Forensic and Cybersecurity with a thesis on Application Threat Modeling: methodologies and tools in the SSDLC applied to large organizations.