SATURN 2020 has ended
Back To Schedule
Wednesday, May 13 • 1:00pm - 2:30pm
What Could Go Wrong? A Threat-Modeling Crash Course

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
During this workshop we will give a crash course in threat modeling. Threat modeling is a structured activity for identifying and evaluating application threats and design flaws. You use the identified flaws to adapt your design, and scope your security testing. Threat modeling allows you to consider, identify, and discuss the security implications of user stories in a structured fashion, and in the context of their planned operational environment.

This threat modeling workshop will teach you to perform threat modeling through a series of exercises, where our trainer will guide you through the different stages of a practical threat model based on an Amazon Web Services (AWS) and microservices migration from a classical web application. At the end of the workshop we will create a complete threat model of a CI/CD pipeline.

This workshop is meant for security champions, application architects, developers and security people. Basic understanding of software development, microservice architecture and cloud platforms (AWS) is recommended. No previous threat model knowledge is needed.

As a software architect you improve the overall security posture of a system you are designing with threat modeling:
-Threat modeling and architecture both use models of systems and involves analyzing (security) properties of those models.
-Threat modeling also leads to an understanding of architectural choices with security implications, gives structure to a set of security challenges, and enables you to change the architecture in a way that reduces these problems at a manageable cost.

This workshop is 50% hands-on, we will challenge the attendees to go through different exercises, built upon a fictional Acme Hotel Booking (AHB) system:
-diagram the AHB applications, sharing the same REST backend (15 minutes)
-threat identification, migrating the AHB applications to AWS. (15 minutes)
-AHB threat mitigation of microservices and S3 buckets (15 minutes)
-threats and mitigations for the AHB CI/CD pipeline (10 minutes)


Seba Deleersnyder

Seba is co-founder, CEO of Toreon and a proponent of application security as a holistic endeavor. He started the Belgian OWASP chapter, was a member of the OWASP Foundation Board, and performed several public presentations on Application Security. Seba also co-organized the yearly... Read More →

Wednesday May 13, 2020 1:00pm - 2:30pm EDT
Salon 11/12 Rosen Plaza Hotel

Attendees (3)