To view a recording of this session Get Adobe Flash player

Dr. Bart De Win

Bart De Win has over 15 years of experience in software security. He has an extensive background in the field, including his Ph.D. and research work on methods and techniques for software protection.  Since 2009, Bart has been responsible for all application security services within Ascure & PwC Belgium.  He has extensive project experience in software testing and in assisting companies improving their secure software development practices. 

 

Bart is member of the OWASP Belgium Chapter board and he is a co-leader of the OpenSAMM Software Assurance Model. Bart is SABSA, Prince 2 and CSSLP certified.

 


 description

Threat modeling

Learning objectives

 

  • understand the key concepts: threat, vulnerability and countermeasure
  • be familiar with the most important categories of threats
  • understand the relation between threats and security requirements
  • master the process of threat modeling

 

Overview

Security is about reducing the risk that an organization's assets are exposed to. Risk is reduced by countering the various threats to those assets. Hence, understanding the nature of the threats that a particular software system is subject to, is key to securing that software system. Threat modeling is an activity in the development process of a software system, that tries to systematically identify and document possible threats.

In this module we elaborate on the process of threat modeling. First we define the notion of threat and illustrate it with examples. We discuss the most important categories of threats in a software system, and discuss systematic techniques for discovering and documenting threats, leading to a threat model. Microsoft's STRIDE is discussed as a representative threat modeling methodology.

Partners:

Solvay Brussels School of Economics and Management Katholieke Universiteit Leuven

Affiliated organizations:

OWASP NESSoS STREWS
Creative Commons

Contents of the secappdev.org website are licensed under a Creative Commons Attribution-NonCommercial 3.0 License.