Play all

Intro

Today's Threat Modeling Theme

What is a Threat?

Threat Example - Mobile Architecture

Anatomy of an Attack

Threat Traceability Matrix

Elements of a Threat Model

Simplified Threat Modeling Framework

Diagram Software Architecture

Enumerate Attack Surface(s)

Each User Class Becomes a Threat

Malicious Intent Creates New Threat

Visualize Normal Users as Threats

Re-consider Attack Surface(s)

Capture 'Who', 'Where', and 'What'

Illuminate Assets

Illuminate Trust Boundaries

Postulate Attacks Against Assets

Evaluate Impact

Mitigate

7+1 Threat Modeling Steps

Acting on Threat Modeling Results

Simplifying Threat Modeling

Description:

Explore a simplified approach to threat modeling in this 44-minute conference talk from LASCON 2012. Learn about the anatomy of an attack, threat traceability matrix, and elements of a threat model. Discover a streamlined framework for threat modeling, including steps to diagram software architecture, enumerate attack surfaces, and visualize users as potential threats. Gain insights on illuminating assets and trust boundaries, postulating attacks against assets, evaluating impact, and implementing mitigation strategies. Understand how to act on threat modeling results and simplify the overall process to enhance your cybersecurity practices.

Simplifying Threat Modeling

LASCON

Add to list

#Conference Talks #LASCON #Information Security (InfoSec) #Cybersecurity #Business #Corporate Governance #Risk Management #Computer Science #Software Engineering #Software Architecture #Threat Modeling #Attack Surface Analysis

0:00 / 0:00