| Track: | Threat Model |
|---|---|
| When: | Tue PM-3 |
| Where: | Kings |
| Organizers | Steven Wierckx Steven Wierckx |
| Participants | Adam Shostack Adam Shostack , Aurelijus Stanislovaitis Aurelijus Stanislovaitis , Fabien Thalgott Fabien Thalgott , Imran Chaudhari Imran Chaudhari , Luis Saiz Luis Saiz , Matt Pendlebury Matt Pendlebury , Naushad S Naushad S , Orid Ahmed Orid Ahmed , Ruben Tronçon Ruben Tronçon , Sara Davis Sara Davis , Stuart Winter-Tear Stuart Winter-Tear , Tash Norris Tash Norris |
Why
Threat Modeling is useful to find design issues even before you’ve written a line of code, and that’s the best time to find those issues but… What can we learn doing a post-mortem of a security incident?
What
Many interesting questions may arise:
- The vulnerabilities that were exploited during the breach were identified as a use case of any Threat?
- Were there some countermeasures or security requirements that didn’t worked as expected?
Open discussion: How can we improve our Threat Modeling using a post-mortem of a Security Incident?
Outcomes
This Working Session will publish a document (white paper) gathering the conclussions.
Register as participant
To register as participant add Back to the future with Threat Modeling to either:
- the
sessionsmetadata field from your participant's page (find your participant page and look for the edit link). - or the
participantsmetadata field from this git session page
Back to list of all Working Sessions