Threat Modeling in 2018: Attacks, Impacts and Other Updates

Presented at Black Hat USA 2018, Aug. 8, 2018, 2:40 p.m. (50 minutes)

Attacks always get better, and that means your threat modeling needs to evolve. This talk looks at what's new and important in threat modeling, organizes it into a simple conceptual framework, and makes it actionable. This includes new properties of systems being attacked, new attack techniques (like biometrics confused by LEDs) and a growing importance of threats to and/or through social media platforms and features. Take home ways to ensure your security engineering and threat modeling practices are up-to-date.

Presenters:

• Adam Shostack - President, Shostack & Associates
  Adam Shostack is a consultant, entrepreneur, technologist, author and game designer. He's a member of the Black Hat Review Board, and helped found the CVE and many other things. He's currently helping a variety of organizations improve their security, and advising startups as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.

Links:

• https://www.blackhat.com/us-18/briefings/schedule/#threat-modeling-in-2018-attacks-impacts-and-other-updates-10827
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2018/Threat Modeling in 2018 - Attacks, Impacts and Other Updates.mp4
• https://www.youtube.com/watch?v=DMFF8zQqEVQ

Similar Presentations:

• BSidesDC 2017 / Real World Threat Modeling (CLASS)
• ToorCamp 2018 / Threat Modeling
• SOURCE Seattle 2017 / Threat Modeling