The Five Ws of Threat Modeling
Details
Join the Manchester, New Hampshire OWASP Chapter for an introduction to Application Security Threat Modeling.
A well-defined and active Threat Modeling practice is an essential element of a mature application security (AppSec) program, providing the means for understanding and documenting security requirements arising as a consequence of developing software. Despite the benefits threat modeling provides, most development teams don't know how to get started in this practice. This evening's presentation will provide high-level answers to your "Five Ws" questions about threat modeling, including: What is a Threat Model? Who should be involved in creating the model? What should the model contain? and, most importantly, How do I create the model?
Speaker Bio:
Dr. John DiLeo is the Auckland-area leader of the OWASP New Zealand Chapter. As a founding member of Datacom’s AppSec Division, John heads up a consulting team that helps enterprises develop and mature their software assurance programs, with emphasis on governance, threat modelling and risk-based requirements, secure development practices, and security training.
In his “free time,” John does a few things in the global OWASP community - he’s a co-author of the OWASP Software Assurance Maturity Model (SAMM) v2.0, Co-Leader of the OWASP Application Security Curriculum Project, and Vice-Chair of OWASP’s Training and Education Committee.