Play all

intro

about jags

expectations

threat modelling

misconceptions about tm

agile threat modelling

owasp juice shop

before starting...

example: security objective

what do we want to accomplish? - scoping

example: scoping

what are we building? software-centric approach

example: data flow diagram

what can go wrong? - evil brainstorming

methodology. No 'best' way

spoofed identity

tampering with input

repudiation of action

information disclosure

denial of service

elevation of privilege

example: applying stride

what are we going to do about it? - prioritize

example: prioritize

mitigation

example: mitigation

did we do a good job? - reflect...

iterative threat modelling ...and repeat

ways of running the workshop

learn more

threat modelling in software development lifecycle

what was the mnemonic again?!?!

takeaways

Description:

Explore iterative threat modeling techniques for enhancing security in agile development processes in this conference talk from Conf42 DevSecOps 2023. Gain insights into common misconceptions about threat modeling, learn how to apply agile principles to security practices, and understand the STRIDE methodology for identifying potential threats. Discover practical examples using the OWASP Juice Shop project, covering key steps such as defining security objectives, scoping, creating data flow diagrams, and prioritizing risks. Delve into mitigation strategies, reflection techniques, and various workshop formats for implementing threat modeling in your software development lifecycle. Walk away with valuable takeaways and resources to further your knowledge in this critical aspect of DevSecOps.

Iterative Threat Modelling - Security in Agile Development

Conf42

Add to list

#Information Security (InfoSec) #Cybersecurity #Threat Modeling #DevSecOps #Computer Science #Software Engineering #Agile Development #Web Security #OWASP Juice Shop #STRIDE