Talk: Threat Modeling: uncover vulnerabilities without looking at code

Threat modeling is an approach for analyzing the security of an application. Threat modeling is a learned security skill where developers find security issues and mitigate the problems before writing a single line of code. Threat modeling consists of drawing a simple data flow diagram, analyzing the design for security threats using STRIDE, and mitigation of any found issues. The Instructor surveys available threat modeling tools that participants could use within their organizations to perform threat modeling.

This session begins with a short lecture covering the basics of threat modeling and the steps for successful threat modeling. Participants perform threat modeling on whiteboards in small teams for the majority of the session. At the conclusion, participants share their findings.