Lost in (DevOps) Space - Practical Approach for "Lightway" Threat Modeling as a Code

Presented at DeepSec 2019 „Internet of Facts and Fears“

Threat Modeling is a main method for identifying potential security weaknesses and is an important part of any secure design. Threat Modeling provides a model to analyze how best to protect your assets, prevent attacks, harden your systems, and efficiently prioritize security investment. Regardless of programming language, Threat Modeling provides a far greater return than most other security techniques in the SDLC process. Therefore, Threat Modeling should be an early priority in the application design process. Unfortunately, it is common knowledge that building a full threat model is always heavily resource intensive, requires a full team of expensive security professionals, takes up far too much time, and is not scalable. This talk will describe modern Threat Modeling methodology and practices that can be fully incorporated into your existing agile process. We will discuss how to architect a robust Threat Modeling framework to be part of a Secure SDLC approach.


Presenters:

  • Vitaly Davidoff - Citi Bank Security Innovations Lab TLV
    I have about 15+ years' experience as a developer and more than 7 years in the application security field. Applications Products Security Expert at Citi Bank Innovations Lab TLV Israel. In this position I am responsible for providing Application Security solutions for many products, including analyzing security risks in multidisciplinary systems according to the customer system characterization, defining required security controls to handle identified security threats, performing code and design reviews, threat modelling and many other activities. Certifications: CISSP, CSSLP
