Fall is in the air! We hope the students who are back to the grind will consider joining us for our first meetup of the academic year, along with our industry and hobbyist members who took the summer as a break from the screen!
This month we're excited to have Sandra Escandor-O'Keefe, Security Engineer at Fastly, presenting on threat modeling. Description below:
"Several years ago, when I first started software development and working on production code for the first time, I wanted to find ways of quickly learning and understanding large codebases and systems that other people had written. In my search, I came across the idea of threat modeling. When I used it for the first time, I found that I was able to learn a particular codebase and system quickly, and in a more holistic way. A great additional bonus was that I was able to find a vulnerability in the system, and was able to create a fix for it.
The goal of this talk is to help others learn what threat modeling is, why it's useful, and see how it is used. This talk is for everyone who would like to improve their code-reading skills, and to make their code more secure.
I'll start by giving a description of threat modeling, and the general strategy. Then, we'll go over ideas such as data flow diagrams, trust boundaries, spoofing, tampering, repudiation, information leakage, denial of service, and elevation of privilege. If there's enough time, I will quickly go over encryption and authentication and how these relate to threat modeling. Finally, I'll open the floor for Q&A and discussion."