Day 2 Session 01
Application Security
EMSC - IS
Introduction to Threat Modeling
Threat Modeling
A systematic & structured security technique, used to identify the
security objectives, threats & vulnerabilities of an application, to
help make design and engineering decisions, and determine
where to prioritize efforts in designing, developing and deploying
secure applications
It's a day-to-day phenomenon for all of us:
Assets (e.g. Photos, Jewelry)
Architecture/Design of your home
Attackers (e.g. Burglars)
Threat Modeling
Threat modeling answers questions like:
“Where are the high-value assets?”
Less costly than adding and testing mitigations once the code has
been implemented, or later
Who Should Be Involved
Architect - The desire is to create a threat model early in the
design phase, to influence subsequent design decisions.
Trust boundaries
Elements
Cairis
Microsoft Threat Modeling Tool
OWASP Threat Dragon
https://www.microsoft.com/en-us/download/details.aspx?id=49168
Questions