Using a Rules Engine and Risk Patterns with IriusRisk

Track: Threat Model
When: Mon Eve-1
Where: Threat Modeling
Organizers Stephen de Vries Stephen de Vries , Paúl Santapau Paúl Santapau , Jorge Esperón
Participants Toby Shelswell Toby Shelswell , Steven Wierckx Steven Wierckx , Adam Shostack Adam Shostack , Daniel Garcia (cr0hn) Daniel Garcia (cr0hn) , Fabien Thalgott Fabien Thalgott , Luis Saiz Luis Saiz , Stephen Hookings Stephen Hookings , Tash Norris Tash Norris
Remote Participants Ernesto Bethencourt Ernesto Bethencourt


IriusRisk provides its own approach to Threat Modeling. A Questionnaire based implementation linked to a Rules Engine, gives IriusRisk the power of scaling the Threat Modeling activity in an easy way. Integration with external tools (Issue Trackers, SAST, DAST, Testing frameworks, etc.) makes the follow up of those models an easy tasks as well.


During this session we’ll drive the attendants through the IriusRisk approach and the main core features of the solution.


The target audience for this Working Session is: - Developers - Security professionals - DevSecOps - Security champions