Matthew Butler will present an expanded topic from one of his upcoming CppCon 2018 talks: Secure Coding Best Practices.
One of the often-overlooked tools in software security is Threat Modeling. But what is Threat Modeling and how does it help us design and code more secure systems?
This talk will look at several techniques in Threat Modeling, focusing on one of the more popular variants. We'll see how this technique is used to:
expose attack surfaces,
uncover architectural flaws early,
identify attack vectors,
balance risks and usability, and
document mitigation strategies.
We'll also look at the available tools and see how Threat Modeling integrates into Agile and Waterfall development cycles. Then we'll wrap up the talk with a group Threat Modeling exercise.
If time permits, we'll also do a walkthrough of how a code exploit can be used to expose sensitive information or penetrate a system. The audience will get to choose from several common exploits. Then we'll do it live, discussing mitigation strategies and forensics for detecting ongoing attacks.
As usual, dinner will be provided. Be sure to RSVP!