SecAppDev 2023 - Threat modeling
Machine learning security
OWASP top 10
Supply chain security
Building secure systems with threat modeling
One-day workshop by Avi Douglen in room Lemaire
Thursday June 15th, 09:00 - 17:30
Threat Modeling is a structured methodology to efficiently analyze complex systems. This can help you identify weaknesses and prioritize appropriate countermeasures. But to maximize its effect, this must be an ongoing practice, not just a one-time activity, so we also introduce a more lightweight "value driven" approach for security-minded developers.
The threat modeling techniques taught in this workshop will guide you in contributing to your product's security, focusing on security features, and designing a secure product architecture.
Learning goal: How to design a secure product with threat modeling. Share useful models to evoke insight and communicate with others. Inspire and convince others to collaborate on threat modeling in a continuous workflow.
Introductory lecture by Gary McGraw in room West Wing
Wednesday June 14th, 11:00 - 12:30
This session covers 42 things about appsec. SIX software security zombies. TEN software security flaws. SEVEN software security myths. SEVEN startup lessons. FOUR CISO tribes. SEVEN things I learned in 21 years. Oh, and ONE BONUS THING.
Key takeaway: A treasure trove of advice based on the experience of a pioneer in the field of software security, or "42 things" in short
How to avoid the top ten software security flaws
Introductory lecture by Gary McGraw in room Lemaire
Tuesday June 13th, 11:00 - 12:30
Only 50% of software security defects are bugs. The other half are flaws in the design. This session builds on work from IEEE, Google, Twitter, Harvard, & others to present the top 10 security flaws along with guidelines to avoid them.
Key takeaway: A security top 10, but not as you know it. In this session, we explore the top 10 design flaws, along with guidelines on avoiding them in your applications.