Welcome to OWASP AppSec 2018 USA we look forward to seeing you in San Jose, CA
Thursday, October 11 • 11:45am - 12:20pm
Value Driven Threat Modeling * DEV Focused*

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
What if we could get developers to apply threat modeling techniques, and embed secure design right in the product from the beginning?    

Threat Modeling is a great method to identify potential security weaknesses, and can enable architects and developers to efficiently prioritize their security investment, thus mitigating and preventing those vulnerabilities that would most likely cause the most damage.   
Unfortunately, though threat modeling provides a far greater return than most any other security technique in a development process, it is apparently “common knowledge” that threat modeling is supposed to be heavily resource intensive, require a full team of expensive security professionals, take up far too much developer time, and does not scale at all.    
But the common knowledge is wrong! In fact, using a lightweight, value-driven approach, skilled development teams can very efficiently ensure that the features they build can protect themselves, the application, and the business value that the features are intended to generate. Value Driven Threat Modeling offers an alternative to top-heavy, big-model-up-front threat modeling, in favor of agility, speed, and integration with the existing development cycle to not just to minimize risk, but to lower security costs.    

This talk will describe Value Driven Threat Modeling, and show how to incorporate it into your existing agile methodologies. We will discuss how developers can efficiently threat model their application to improve development, and walkthrough some example scenarios. And of course, we will see how security can participate productively in the agile development process, leveraging developers own habits to their benefit.   

avatar for Avi Douglen

Avi Douglen

OWASP BoD, Bounce Security
AviD is a high-end, independent security architect and developer, and has been designing, developing and testing secure applications, and leading development teams in building secure products, for around 20 years. My research interests include efficient security engineering, usable... Read More →

Thursday October 11, 2018 11:45am - 12:20pm PDT
  Gold, Intermediate - Dev focused
  • NEW FIELD 1 Track 3