A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Is Threat Modeling for Me? - (BSides Boston 2015) (Hacking Illustrated Series InfoSec Tutorial Videos)

Is Threat Modeling for Me?

Robert Hurlbut

BSides Boston 2015

Threat modeling is a way of thinking about what could go wrong and how to prevent it. Instinctively, we all think this way in regards to our own personal security and safety. Yet, often many software shops either skip the important step of threat modeling in secure software design or, after creating pretty diagrams, forget the models to do the "real work" of writing software without understanding potential problems. Based on last year's excellent book on Threat Modeling: Designing for Security by Adam Shostack, this session introduces threat modeling and creating threat models as a part of secure software design. We will also cover how to track threat models and some strategies for applying risk management in dealing with the threats.

Bio: Robert Hurlbut, CSSLP, is an independent software and security consultant, developer, speaker, and trainer. Robert specializes in developing custom software business solutions for many industries, and provides secure code reviews and other software security assistance to companies. He has spoken at national and international conferences on various software security topics.

Back to BSides Boston 2015 list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast