Overview
The security community is great at finding problems! We can use threat modeling in a real world "system": our community. We'll see how it can be abused or exploited, focusing on social conflicts in a vulnerable community. Importantly, we’ll talk about what we should do to build a safer community.
Outline
- Intro to Threat Modeling - From My Perspective
- A different interpretation of STRIDE
- What is a ""community""? / Modeling a community
- A Model of Social Threats
- Countermeasures
- Calls to Action
- Summary
Slides
About the speaker
AviD has been building applications for security for decades, and is obsessed with maximizing value output from security efforts since originally building threat models at Microsoft over 15 years ago. Avi is the founder and CEO of Bounce Security, a boutique consulting agency dedicated to helping developers integrate security efficiently into their workflows. He is a frequent speaker and trainer, and has trained thousands of developers to build more secure products. Avi is an active contributor to open source communities, including leading the OWASP Israel chapter, created the incredibly popular AppSec Israel security conference, co-founded the OWASP Threat Modeling project, and currently serving on the OWASP Global Board of Directors. He is also a community moderator on https://Security.StackExchange.com/, and co-authored the Threat Modeling Manifesto https://www.threatmodelingmanifesto.org/.