Back to the future with Threat Modeling

Track: Threat Model
When: Tue PM-3
Where: Kings
Organizers Steven Wierckx Steven Wierckx
Participants Adam Shostack Adam Shostack , Aurelijus Stanislovaitis Aurelijus Stanislovaitis , Fabien Thalgott Fabien Thalgott , Imran Chaudhari Imran Chaudhari , Luis Saiz Luis Saiz , Matt Pendlebury Matt Pendlebury , Naushad S Naushad S , Orid Ahmed Orid Ahmed , Ruben Tronçon Ruben Tronçon , Sara Davis Sara Davis , Stuart Winter-Tear Stuart Winter-Tear , Tash Norris Tash Norris

Why

Threat Modeling is useful to find design issues even before you’ve written a line of code, and that’s the best time to find those issues but… What can we learn doing a post-mortem of a security incident?

What

Many interesting questions may arise:

  • The vulnerabilities that were exploited during the breach were identified as a use case of any Threat?
  • Were there some countermeasures or security requirements that didn’t worked as expected?

Open discussion: How can we improve our Threat Modeling using a post-mortem of a Security Incident?

Outcomes

This Working Session will publish a document (white paper) gathering the conclussions.

Register as participant

To register as participant add Back to the future with Threat Modeling to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page


Back to list of all Working Sessions