A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Threat Modeling for Realz - Bruce Potter Derbycon 2014 (Hacking Illustrated Series InfoSec Tutorial Videos)

Threat Modeling for Realz
Bruce Potter
Derbycon 2014

Threat modeling is a core activity for “baking security in”. Understanding the threats against your system, how likely it is for these threats to be realized, the impact of a reaized threat, and how to defend against the threat is key to building a system that withstand the types of attacks you’re likely to care about. Unfortunately, threat modeling is a bit of a dark art; there are numerous ways to perform threat modeling, but very little pragmatic information regarding how to actually do the modeling and what do to once you’ve finished.This talk will provide an overview of threat modeling including existing processes, pros and cons of current methods, expected inputs and outcomes, and how to know when you’ve threat modeled enough. Further, this talk will present a hybrid threat modeling method derived from Microsoft’s SDL threat modeling process. This hybrid method is lighter weight and geared towards security professionals rather than developers but should result in similar outcomes and fidelity. Finally, this talk will examine further customizations that can be made to taylor the SDL process to suit your needs.

Back to Derbycon 2014 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast