This will be one of a series of "preview" sessions for the CFObjective conference (http://www.cfobjectiv.... The Acrobat Connect meeting URL will be: http://experts.acroba.... RSVPs are preferred but not necessary.
In this 30-minute preview of his CFObjective seminar, Dean will examine how threat modeling can be used as a baseline activity to ensure the security of web applications. Threat modeling is a structured approach for identifying, evaluating and mitigating risks to system security. By modeling a system as an attacker would, development organizations can prioritize how a development/security budget is spent, manage risks to system security and find vulnerabilities earlier than technical testing or code reviews would. Applied early in the development lifecycle, threat modeling can be used to drive further secure SDLC activities, such as code reviews and penetration testing, to ensure the security of your software throughout its lifetime.
Bio:
Dean H. Saxe is a Managing Consultant at Foundstone. He is responsible for conducting web application penetration testing, threat modeling, code reviews, secure software development lifecycle (S-SDLC) design and implementation, and project management. Dean also provides client education services as a lead instructor of these Foundstone courses: Building Secure Software, Writing Secure Code: Java/J2EE, and Writing Secure Code: ColdFusion. Dean holds the CISSP and Certified Ethical Hacker designations.
“ This was my first cf meetup, and I thought it was really cool. Wish I'd known about them sooner. I'm sure I'll attend more in the future. In fact, I'm already signed up for the one later today. ”
“ Dean was great. The topic was very well organized, and extremely relevant for my group. My only negative would be that it wasn't the entire presentation since I can't make cfobjective. :) ”
“ It was an excellent presentation. Clear and very relevant. It was great to see the increase in the use of mind-maps. I use freemind which is free and cross-platform. I'm looking for more sources on threat-modeling. If you find anything noteworthy...please shoot a note to me at clarence(dot)morse(at)gmail(dot)com. Thanks. ”