Building Secure Applications: Threat Modeling for Dummies

Adam Englander (14.Sep.2018 at 10:00, 50 min)
Talk at Cascadia PHP (English - US)

Rating: 5 of 5

No developer wants to be responsible for a major data breach. Unfortunately, when it comes to application security, most developers have more questions than answers. How do I get started? What should I be protecting against? How much security is enough? Is there a best practice to follow? In less than an hour, I will give you the tools you need to integrate threat modeling into your existing application lifecycle. We’ll even walk through the process step by step as we threat model a live application. Start building secure applications today.

Who are you?

Claim talk

Talk claims have been moved to the new site.

Please login to the new site to claim your talk

Want to comment on this talk? Log in or create a new account or comment anonymously

Write a comment

Please note: you are not logged in and will be posting anonymously!
= four plus seven


Rating: 5 of 5

14.Sep.2018 at 11:41 by J.T. Grimes (22 comments)

Really enjoyed it. Felt like it provided a good checklist and approach for analyzing attack surfaces and prioritizing responses. Really appreciate "giving permission" for not fixing everything - always good to remind devs that "good enough" is, in fact, good enough.

Might be value in spending more time on who potential attackers are? How does protecting from internal attacks differ from defending against script kiddies?

Rating: 5 of 5

14.Sep.2018 at 12:30 by Steve Grunwell (135 comments) via Web2 LIVE

Really great talk that is equally inspiring and terrifying.

Rating: 5 of 5

14.Sep.2018 at 23:56 by Demin Yin (4 comments) via Web2 LIVE

Thanks for the great talk from Adam. We are web developers working on things publicly available to almost everyone, and it's always challenging to protect our web applications from attackers in the world every single day. Without proper security measuring, modeling and protection methodologies discussed in the talk, web products are vulnerable even you don't even notice it. Glad to hear about threat modeling and related tools in the speech making our development processes more secure than ever, and brainstorm me while building web services for our products.

© 2018