March 9-11, 2011
Montreal, Canada

Threat Modeling: detecting threats before coding

Participants who attended the Confoo 2010 security track learned several activities for reducing risks in web applications.

This talk focuses entirely on threat analysis & modeling (TAM) for developers and architects. TAM is a security activity conducted early in the development lifecycle, when we only have ideas and early design specifications, and no source code has been produced yet.

If conducted correctly, TAM can be highly cost-effective as all changes in the project are applied before the coding phase.

Participants will learn the basics of TAM:
- Understanding major threats in web applications
- Drawing data-flow diagrams the fast and efficient way
- Locating critical assets in the application, and their security requirements
- Identifying threats and appropriate countermeasures
- Modifying the project design and specifications accordingly

The talk is "hands-on": participants will work on a model based on a famous web application with millions of users.

Antonio Fontes

OWASP Switzerland

Antonio Fontes has over ten years of experience in the software and information security industry. He is an active member of the OWASP Switzerland board and has contributed to several open projects such as the "CWE Top 25 most dangerous programming errors." His day job involves assisting both public and private organizations in increasing security visibility and control over their software, through developer training, threat modeling, design review, code reviews, penetration testing, etc.
