Threat Modeling 101

Security is a large topic and so full of jargon that it can be hard to know where to get started when thinking about it. Threat Modeling gives you a framework to help you start building security policies.

In this talk, Dan Hardiker, CTO at Adaptavist, will cover what a security model is, when and why it's useful, what its main components are (assets, actors, and vectors), and how they interact. We'll build a basic threat model, enable you to apply these to your systems, and give you references for further learning.
Comments

This was so clear, I was able to explain this to my interviewer. Thank you

kanakocupcake

🎯 Key Takeaways for quick navigation:

02:50 🧠 *Security Mindset: Security is a mindset involving non-functional requirements, thinking about abuse cases, and considering negative scenarios alongside positive ones.*
04:29 🔐 *CIA of Security: The core concerns of security are Confidentiality, Integrity, and Availability (CIA), which involve privacy, data integrity, and ensuring information access when needed.*
06:38 🌐 *Threat Modeling Framework: Threat modeling involves identifying assets, attackers, and attack vectors, creating a threat map, assessing risks, and implementing mitigations to protect against unwanted access.*
12:56 🦇 *Batman's Threat Model: Using Batman as a case study, a basic threat model includes assets like the Batcave, attackers like the Joker and police, and mitigations like encryption, identity protection, and security systems.*
21:21 🛑 *Human Factor: Humans are often the weakest link in security, as demonstrated by people willingly sharing sensitive information, emphasizing the importance of addressing human vulnerabilities in security frameworks.*

Made with HARPA AI

ephixum

Batman model explains it all. All four phases of threat modeling 😺

sadiahabib

22:30 Even though it looks so staged, it's a good example to learn from.

nmkkannan

I wish you would diagram a real app and database: users and entry points, where attackers or users log in; you would talk about session IDs, etc. It is good for basic information, but it is not enough to understand how an app works. I am looking for materials that explain by decomposing an app.

alexman

The shark story is fictional. This is the Headington Shark.

avimetal