Threat Modeling – Locking the Door on Vulnerabilities

Logo
Presented by

Ed Adams, CEO by day, engineer at heart

About this talk

Did you lock the door before leaving your house this morning? If you did, you threat modeled without even realizing it. Threat modeling is identifying potential threats (house robbery) and implementing measures to mitigate the risk (locking your door). Protecting valuable assets, no matter if personal assets or business-related assets such as the software you are developing, threat modeling should become an instinctual and necessary part of your process. Our talk highlights how nearly 50% of security flaws can be mitigated through threat modeling. We help you prevent and mitigate risks by utilizing a reliable and hard-hitting analysis technique that can be applied to individual applications or across an entire portfolio. We show you how to effectively apply these techniques at the start of the design phase and throughout every phase of the development lifecycle so you can maximize the ROI of your security efforts. Topics covered include: • Threat Modeling 101 • The propagating effect of poor design • Tabletop exercise – a world with and without threat modeling • Best practices and metrics for every stakeholder
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (70)
Subscribers (14887)
Security Innovation is an authority on software security and helps organizations build and deploy more secure software. Global technology vendors and enterprise IT organizations such as Microsoft, IBM, FedEx, ING, Symantec, Coca-Cola and GE rely on our expertise to understand the security risks in their software systems and facilitate the software and process change necessary to mitigate them. Security Innovation specializes in software security, an area where traditional “information security” and “business” consultants tend to struggle. We have been analyzing application vulnerabilities and risk for almost a decade and were one of the first providers of software risk solutions to Fortune 500 firms. Our unrivaled proficiency in technical analysis, coupled with sound knowledge of business processes, results in world-class solutions that bridge the gap between application security holes and risk management optimization.