Agile Threat Modeling with Open-Source Tools

About this talk

If we can build software in a reliable, reproducible and quick way at any time using Pipeline-as-Code and have also automated security scans as part of it, how can we quickly capture the risk landscape of agile projects to ensure we didn’t miss anything important?

Traditionally, this happens in workshops with lots of discussion and model work on the whiteboard with boxes, lines, and clouds.

It’s just a pity that in some agile projects it stops there: Instead of a living model, a slowly but surely eroding artifact is created, while the agile project evolves at a faster pace.

In order to counteract this process of decay, something has to be done continuously, something like “Threat-Model-as-Code” in the DevSecOps sense.

This talk presents the ideas behind this approach: agile, developer-friendly threat modeling right from within the IDE using open-source tools. The models are editable in developer IDEs and diffable in Git, and risks are derived from them automatically, along with graphical diagrams and generated reports with recommended mitigation actions.

For more info on this session, please visit the session page at the Summit's website

Christian Schneider

Security Architect, Ethical Hacker & Trainer
