SecAppDev 2023 workshop details

Building secure systems with threat modeling

Learning goal: How to design a secure product with threat modeling. Share useful models to evoke insight and communicate with others. Inspire and convince others to collaborate on threat modeling in a continuous workflow.

Thursday June 15th, 09:00 - 17:30
Room Lemaire
Abstract

Threat Modeling is a structured methodology to efficiently analyze complex systems. This can help you identify weaknesses and prioritize appropriate countermeasures. But to maximize its effect, this must be an ongoing practice, not just a one-time activity, so we also introduce a more lightweight "value driven" approach for security-minded developers.

The threat modeling techniques taught in this workshop will guide you in contributing to your product's security, focusing on security features, and designing a secure product architecture.

Content overview
  • What is threat modeling? Why bother?
  • Universal principles: a common framework for threat modeling, best practices, and anti-patterns
  • Modeling basics: teaching you to draw diagrams!
  • Application decomposition: using a diagram to find important details and identify assumptions
  • Threat identification: recognize threats and other security issues that need attention.
  • Countermeasures: effective mitigation strategies
  • Retrospective: what signals to look for when reviewing a model
  • Lightweight approaches: Value driven approach to lightweight threat modeling
Content level

Deep-dive

Target audience

Product security teams, software architects, senior developers, and security champions. Folks who lead security processes and are responsible for getting others to participate – and those that want to.

Prerequisites

Familiarity with modern application architecture and software development processes. Some coding experience (any language) preferred, but not required

Technical requirements

Creativity and skepticism! (No need for laptop, we’ll be deep with pen & paper, and whiteboard & markers.)

Join us for SecAppDev. You will not regret it!

Avi Douglen
Avi Douglen

CEO, Bounce Security

Expertise: Product security, security processes, security tools, and threat modeling

More details

Join us for SecAppDev. You will not regret it!

Other workshops

SecAppDev offers the most in-depth content you will find in a conference setting