DevOps, Attack surface mgmt, Attack simulation, Security Research

Threat Modeling Deep Dive – ASW #131

November 23, 2020

We threat model every day without realizing it. And, of course, we often threat model with systems and products within our organizations. So how formal does our approach need to be? How do we best guide the “what could go wrong” discussion with DevOps teams? And what’s a sign that we’re generating useful threat models? Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

Threat Modeling Deep Dive

Articles
- https://www.threatmodelingmanifesto.org
- https://securityboulevard.com/2020/05/data-security-and-threat-models/
- https://speakerdeck.com/abhaybhargav/agile-threat-modeling-as-code

Hosts

[caption id="attachment_210" align="alignleft" width="120"]Adrian Sanabria Adrian Sanabria - Senior Research Engineer[/caption] [caption id="attachment_210" align="alignleft" width="120"]John Kinsella John Kinsella - Chief Architect[/caption] [caption id="attachment_210" align="alignleft" width="120"]Mike Shema Mike Shema - Product Security Lead[/caption]

Announcements

  • In our upcoming webcasts & technical trainings, you will learn how to build a risk-based vulnerability management program, how to prevent phishing scams, and how to move beyond vulnerability scan to vulnerability fix! Visit https://securityweekly.com/webcasts to see what we have coming up, or visit securityweekly.com/ondemand to view our previously recorded webcasts!

[audio src="http://traffic.libsyn.com/sw-all/ASW_131-_Threat_Modeling_Discussion-0_converted.mp3"]
prestitial ad