OWASP AppSecUSA 2011: Simplifying threat modelling

Speaker: Mike Ware


Is threat modelling too tough to produce actionable results? Is it too overbearing on resources? Does it demand too much documentation?

Architects and developers often perceive threat modelling as being too difficult, heavy on documentation, and costly to both produce an initial threat model from a clean slate and to maintain it as the system evolves.

During this talk, we’ll attempt to bust these myths and show how organizations can incrementally obtain better results over time while making threat modeling “seem easy.”

Main category

Information security & security management


Security management

Be surprised

I know what I'm looking for

Related videos