In this session we will take a look at the Threat Modeling process and how it can assist teams to become aware of Security weaknesses in the design stage of the development of systems or business applications. Performing the Threat modeling activities early in the design not only helps identify potential risks to the organization but give the solution developers a window into the Security processes defined by the organization. Threat Modeling is the proactive process of identifying potential risks and threats, then creating tests and countermeasures to respond to potential threats. It assists in answering those fundamental questions: Where are the high-value assets?”, “Where am I most vulnerable to attack?”, “What are the most relevant threats?”, and “Is there an attack vector that might go unnoticed”? Threat Modeling is a major component that will assist in achieving Security goals within an organization thus delivering results to any Business that utilizes the Threat Model process.
- Threat Modeling definitions and why it's important to utilize
- Overview of the Threat Modeling process
- Using STRIDE & other Threat Model methodologies
- Performing a Threat Model exercise: diagramming, identifying threats & mitigations
Technical Level: Medium