Global AppSec San Francisco 2022

Threat modeling is a critical part of securing our systems. Normally, we reserve threat modeling for architects and system designers in the early stages of a Software Development Lifecycle (SDLC). However, developers have a crucial role to play as well since they have a much deeper understanding of how the system is constructed. In fact, developers can help architects and system designers better understand nuances which may impact recommended countermeasures. However, many developers struggle with threat modeling. Part of this is due to a lack of threat modeling knowledge and part is due to the pressure at which developers need to release. We need to get past this impasse. This practical talk is intended to help developers who already understand how to code well but want to better understand how to incorporate threat modeling into their daily coding activities in a way that adds tremendous value to other stakeholders in the SDLC.

Dates

Author

Conferences

Tags

Developer Centric Threat Modeling

tldr - powered by Generative AI