|Organizers||Stephen de Vries Stephen de Vries|
|Participants||Stephen de Vries, Paul Santapau , Adam Shostack Adam Shostack , Tony Richards Tony Richards , Aurelijus Stanislovaitis Aurelijus Stanislovaitis , Fraser Scott Fraser Scott , Luis Saiz Luis Saiz , Ruben Tronçon Ruben Tronçon , Sara Davis Sara Davis , Stuart Winter-Tear Stuart Winter-Tear , Tash Norris Tash Norris|
Threat Modeling architectural changes through STRIDE is well established. But many agile teams need to threat model code changes to an existing application, which typically does not involve large architectural changes. STRIDE can be used for this too - but if we narrow the scope to only web apps and APIs, can we find a more specific version of STRIDE that’s easier for non-experts to use?
STRIDE is already essentially a questionnaire, e.g. “Can an attacker spoof their identity to impersonate a different user?” With the scope of this questionnaire narrowed to only web apps and APIs, can we ask more specific questions that are easier to answer?
Can we provide more specific advise on the countermeasures to implement?
An article that describes the: - Questions to ask - Associated threats and recommended countermeasures
Register as participant
To register as participant add
How to Threat Model Features with Questionnaires to either:
sessionsmetadata field from your participant's page (find your participant page and look for the edit link).
- or the
participantsmetadata field from this git session page
Back to list of all Working Sessions