Practical Threat Modeling for real-world and Cloud Situations in our hybrid and W... - Uma Rajagopal

Speakers
Meghan Jacquot
Recorded Future, Cyber Threat Intel Analyst
Uma Rajagopal
Amazon

Description
In 2020, much of the world shifted to Work from Home (WFH), and 2021 brought another shift, to hybrid work. This extends cybersecurity into the home and means there are more vulnerable points as organizations work through the different configurations that the variety of work structures now requires. While these shifts occur, vulnerabilities and risks are still present. Many of the attacks that have occurred impact multiple organizations and supply chains, and are international; to name a few: Kaseya, SolarWinds/SunBurst, JBS Meatpacking, let alone the weaknesses from Pegasus and PrintNightmare. All of these attacks and vulnerabilities may make it seem impossible to move forward. However, now more than ever, being proactive is imperative. Hence the importance of threat modeling. Focusing on risk analysis to contextualize the threat, and applying controls based on risk, should be part of any DevSecOps cycle. Shifting security left into the SDLC is paramount now more than ever, especially when attack surfaces increase regularly with more options for network connections and WFH models. This session will cover how to threat model in four stages: create the model, identify the threats, address the threats, and validate the model. A fifth step can be added once the modeling is done: communicate the findings. During the "create the model" stage, scope setting and scope creep will be discussed. During stage 2 (identify the threats), tools and methodologies will be discussed. For stage 3 (address the threats), an understanding of current systems and practices is essential. Finally, stage 4 (validate the model) is a reflection on what was measured: asking "Were the right components covered?" and having an audit system is crucial to making effective decisions. After the threat modeling has finished, communicating the results to the essential team members is necessary.
Overall, realistic scenarios will be used, with an emphasis on cloud security: cloud configurations, shifting to the cloud, and being cloud native. These technical examples will be paired with real-world examples to begin the threat modeling conversation in an explainable way. Attendees will leave with tools for modeling, practice with threat modeling, and suggestions for shifting security left so that it happens earlier in the software development lifecycle. The session opens with a high-level discussion of threat modeling as a way to shrink the attack surface, improve cyber posture, and decrease risk, and then goes into specifics on the four stages of threat modeling. Some of the vulnerabilities explored will be from the OWASP Top Ten and will be shown using DVWA as well as a virtual private cloud setup used for testing purposes.

Managed by the OWASP® Foundation
Comments

This could be so great if the audio was a little more

ahmedmehtab