Application Security Weekly Subscribe

Application security, Security Program Controls/Technologies

What’s the Best Way to Threat Model? – Nick Selby – ASW #229

February 13, 2023

Organizations spend hundreds of work hours to build applications and services that will benefit customers and employees alike. Whether the application/service is externally facing or for internal use only, it is mandatory to identify and understand the scope of potential cyber risks and threats it poses to the organization. But where and how do you start with an accurate threat model? Nick can discuss how to approach this and create a model that's useful to security and developers alike.

Segment Resources

https://github.com/trailofbits/publications/blob/master/reviews/2022-12-curl-threatmodel.pdf

Full episode and show notes

Announcements

We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!

Guest

Nick Selby

VP, Software Assurance Practice at Trail of Bits

An accomplished information and physical security professional, Nick leads the Software Assurance division of Trail Of Bits, giving customers in some of the world’s most targeted industries a comprehensive understanding of their security landscape, technology, and infrastructure.

Hosts

Tech Lead at Block

Application Security Engineer at Resilia

https://www.akirabrand.com

Senior Engineering Leader at AWS

Related

Application security

Autonomous – I don’t think that word means what you think it means – ESW #359

April 25, 2024

A clear pattern with startups getting funding this week are "autonomous" products and features. Automated detection engineering Autonomously map and predict malicious infrastructure ..."helps your workforce resolve their own security issues autonomously" automated remediation automated compliance management & reporting I'll believe it when ...

Application security

XZ & Open Source, PuTTY’s Private Keys, LeakyCLI, LLMs Writing Exploits – ASW #282

April 22, 2024

CISA chimes in on the XZ Utils backdoor, PuTTY's private keys and maintaining a secure design, LeakyCLI and maintaining secure secrets in CSPs, LLMs and exploit generation, and more!

Application security

Sustainable Funding of Open Source Tools – Simon Bennetts, Mark Curphey – ASW #282

April 22, 2024

How can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts talks about his stewardship of Zed Attack Proxy and its journey from OWASP to OpenSSF to an Open Source Fellowship with Crash Override. Mark Curphy adds how his experience with OWASP and the appsec commu...