Title:
Threat-modeling legacy “Cloud” Applications
Description:
Even the most conservative enterprises are looking towards cloud computing platforms to reduce cost of ownership in their data-centers.
* The good news: most never got good at patching or writing firewall rules so hopefully they can offload that overhead to their cloud service provider.
* The bad news: very little refactoring of these applications is going to happen during the life-and-shift phase.
* The really bad news: this is going to be easy compared to when we get buried in cloud-to-cloud or multi-cloud security issues.
To support this effort, the most critical skill is Architecture Risk Analysis (ARA) sometimes referred to as Threat Modeling or simply secure design review. This talk will provide a quick primer on ARA methodology and add context on how to focus efforts on the risks inherent to these migrations.
Bio:
Kevin Nassery is a Senior Principal Consultant at Synopsys where he leads the Software Security Initiatives (SSI) practice, and acts as the operations director for the BSIMM project. With 20+ years of experience building and breaking information systems, he currently specializes in software security program design, infrastructure security, and security architecture. Kevin holds a MS from Depaul University where his focus was on telecommunications security and network protocol design.
The meeting food & drinks will be sponsored by OWASP Dallas.
IMPORTANT Meeting Notes:
This office is a gun-free zone. Please do not attempt to bring in any guns, holsters, ammo, etc. into their office space.
