SecAppDev 2025 - Threat modeling

Large Language Models (LLMs) open up a new realm of possibilities in application development, but they also pose significant challenges. Their non-deterministic nature and broad use cases complicate testing, while unpredictable failures (“hallucinations”) and novel attack vectors (“prompt injections”) add risk.

This workshop covers LLM-based applications, highlights unique threats, and offers hands-on testing and hardening techniques. Attendees will learn to set up and secure basic LLM-driven solutions in their organizations.

Learning goal: Learn how LLM applications work and are architected, the unique security challenges they introduce, and the current best practices in LLM security—along with their limitations.

Most developers don't think of protection against domestic abusers as part of a product's security and they should.

Key takeaway: The intimate partner abuse threat model is different other models in important and unexpected ways.

Threat modeling by yourself is great - noone is there to tell you you're wrong. But if you want to discover nontrivial issues, the ones you'd not have on your checklist, you'll need to engage with others. But too often we chase them away.

Key takeaway: Threat modeling is not JUST a technical activity, and should intentionally leverage social techniques to maximize stakeholders participation.

Continuous Threat Modeling for Developers. They're creating the problems, let them create the solution! No, really - enable them to see the security value of the stories they work on, what could go wrong, and what to do about them.

Key takeaway: Threat Modeling should not be a one-shot-and-done activity by security experts. It needs to be continuous, at the developer level.