Threat modeling

Learning objectives

Overview

Security is not free. Without security, a system is exposed to risk of exploitation by adversaries. A threat model creates a framework to weigh up risk against the cost of security.

In this workshop, participants are presented with a sample system for which they are invited to build a threat model. The components of cost and risk are introduced step by step. At the end of the workshop, all elements are available to assign development priorities.

Threat modeling traditionally has 2 strands: one outward-looking, concentrating on the adversary; the other inward-looking, focusing on system vulnerabilities. In this workshop, both approaches are combined to achieve a balanced risk assessment.

ir. Johan Peeters

Johan Peeters is an independent software architect. He serves both large companies and SMEs and has addressed software development issues ranging from product definition to acceptance testing. He is the program director for secappdev.org.



Contents of the secappdev.org website are licensed under a Creative Commons Attribution-NonCommercial 3.0 License.