Senior Application Security Engineer, Fortis Games; Western University, London, ON, Canada
Unlock the secrets of Threat Modeling (TM) by delving into the four phases of the TM lifecycle, intricately aligned with SDLC phases. Demystify the STRIDE TM Framework as it takes center stage in our presentation, and gain insights into how TM stands distinct from risk assessment.
In this session, we'll discuss the real-world use case of an application architecture diagram with third-party components, gRPC, and REST APIs, as we construct a Threat Model right before your eyes. Attendees will understand the nuances of identifying and mitigating threats in a complex system.
Together, we will uncover the strategic mapping between STRIDE and OWASP's Top 10 vulnerabilities, illustrating how this alignment enables swift identification of threats and their mitigations.
Finally, we will experience a live demonstration of Threat Modeling tools, namely Microsoft's Threat Modeling Tool and OWASP Threat Dragon.
Learning Objectives:
Use STRIDE to create a threat model of your application architecture.
Learn to use at least one threat modeling tool effectively out of (1) Microsoft Threat Modeling Tool (2) OWASP Threat Dragon (3) IriusRisk.
Define the difference between threat modeling and risk assessment.