Developing a Threat Modeling Mindset

SOURCE Boston 2016

Presented by: Robert Hurlbut
Date: Wednesday May 18, 2016
Time: 14:20 - 15:00
Location: Washington
Track: Application Security

Nearly every day we hear about another compromise of a system that involves a breakdown of security. In many cases, the reason for compromise can be traced back to vulnerabilities that were not found or understood and not mitigated. The attacker(s) used those vulnerabilities to carry out threats against the system.

Threat modeling is a way of thinking about what can go wrong and how to prevent it. Instinctively, we all think this way with regard to our own personal security and safety. When it comes to building or evaluating application security, we need to develop a similar mindset. In this session, you'll learn practical strategies to develop a threat modeling mindset by understanding a system, identifying threats, identifying vulnerabilities, determining mitigations, and applying the mitigations through risk management.

Robert Hurlbut

Robert Hurlbut is an independent software security consultant, architect, developer, and trainer through Robert Hurlbut Consulting Services. Robert is a Microsoft MVP for Developer Security and holds the (ISC)2 CSSLP certification. Robert has 30 years of industry experience in software security, software architecture, and software development and enjoys working with teams to help solve tough application security challenges.

