Developer Centric Threat Modeling

2022-11-17

Authors: Altaz Valani


Summary

The importance of threat modeling in cybersecurity and the need for developers to prioritize security in their projects
  • Developers often prioritize functional aspects over security in their projects, but security should be given equal importance
  • Threat modeling is a continuous learning experience that requires effort and investment
  • Developers should use the search modeling approach to understand potential risks and prevent attacks
  • Experience is fundamental in threat modeling and developers should apply it to real-life scenarios
  • Investing in security allows for the reduction of potential losses as a result of a compromise of the solution
Simone emphasizes the need for developers to prioritize security in their projects and invest in threat modeling. He notes that while security is expensive, it is necessary to reduce potential losses as a result of a compromise of the solution. Simone suggests that developers use the search modeling approach to understand potential risks and prevent attacks. He also emphasizes the importance of experience in threat modeling and encourages developers to apply it to real-life scenarios.

Abstract

Threat modeling is a critical part of securing our systems. Normally, we reserve threat modeling for architects and system designers in the early stages of a Software Development Lifecycle (SDLC). However, developers have a crucial role to play as well, since they have a much deeper understanding of how the system is constructed. In fact, developers can help architects and system designers better understand nuances that may impact recommended countermeasures. However, many developers struggle with threat modeling. Part of this is due to a lack of threat modeling knowledge and part is due to the pressure under which developers need to release. We need to get past this impasse. This practical talk is intended to help developers who already understand how to code well but want to better understand how to incorporate threat modeling into their daily coding activities in a way that adds tremendous value to other stakeholders in the SDLC.
