Cloud Security Engineering: Applied Threat Modeling

Logo
Presented by

Richard Tychansky, Security Architect

About this talk

In this workshop, participants will learn how to apply threat modeling concepts to cloud-native application architectures to expose attack surfaces. Our case study will be a cloud-native SaaS, multi-tenant application running in AWS. We will be applying attack methodologies from the open source community and attack libraries from Mitre (e.g., ATT&CK, CAPEC), as well as from the Common Architectural Weaknesses and Exposures (CAWE) taxonomy. Participants will each produce a working threat model. We will use publically available tools for the threat modeling exercise to uncover application design defects that can be exploited. Our goal is to understand how cloud-native applications work holistically and to dive deep into topics such as: container orchestration; micro services; advanced authentication; secrets management; and data processing risks. Learning objectives: 1. Demonstrate advanced threat modeling skills that are necessary to analyze cloud-native applications. 2. Define the attack surface for a SaaS multi-tenant application. 3. Conduct advanced attack simulations on a cloud-native architecture to validate findings and remediation efforts.
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (107)
Subscribers (21171)
(ISC)² Security Congress channel contains digital content of activities at (ISC)2's Flagship conference event. You'll find keynotes, sessions and related items.