Overview
Threat modeling is a way of thinking about what can go wrong and how to prevent it. Instinctively, we all think this way in regard to our own personal security and safety. When it comes to building or evaluating information systems, we need to develop a similar mindset - a Threat Modeling Mindset.
Outline
- Understanding a system
- Identifying threats and vulnerabilities
- Determining mitigations
- Applying the mitigations through risk management
Slides
Handout
About the speaker
Robert Hurlbut is a Principal Application Security Architect / Threat Modeling Lead at Aquia, Inc. Robert has 30 years of industry experience in secure coding, software architecture, and software security. He speaks at user groups, national and international conferences, and provides training for many clients. Robert is a co-author of the Threat Modeling Manifesto (https://threatmodelingmanifesto.org). You can find Robert on Twitter at https://twitter.com/roberthurlbut and as a co-host for the Application Security Podcast at https://podcasts.apple.com/us/podcast/the-application-security-podcast/id1154351685.