Agile Threat Modeling

Duration: 1 day

Description:

Approximately 50% of threats in a system are related to architecture and design, so companies should act proactively at this point.

Thread modeling is a methodical approach that uses attack scenarios to identify threats in the system design that lead to real-life consequences for the system or business.

Under the pressure of digital transformation, the temptation for business managers/product owners to continuously deliver technical features is great.

However, security is also a permanently required feature and quality goal that customers expect and deserve.

In the workshop, the participant will be introduced to the approach according to the proven STRIDE method in a clear and comprehensible way with a mix of theory and practical exercises using show cases.

The workshop concludes with the participants learning how to make threat modeling attractive to employees who are not so security-savvy by using playful elements in the form of a card game.

Content:

• Get to know Secure Design principles

• Participants gain basic theoretical knowledge and based on this methodological knowledge in order to carry out a risk assessment of (web) systems

• Threat Modeling as a method to discover design vulnerabilities

• Create awareness of high cost and effort to fix design vulnerabilities

• Getting to know gamification elements

• Tips and tricks for applying threat modeling in practice

Target group:

Developers, architects and DevOps engineers, but also product managers and IT security architects with a basic understanding of IT architectures.