Threat modeling is a core activity for “baking security in”.
Understanding the threats against your system, how likely
it is for these threats to be realized, the impact of a realized
threat, and how to defend against the threat is key to
building a system that withstands the types of attacks you’re
likely to care about. Unfortunately, threat modeling is a bit
of a dark art; there are numerous ways to perform threat
modeling, but very little pragmatic information regarding
how to actually do the modeling and what to do once you’ve
finished. This talk will provide an overview of threat modeling
including existing processes, pros and cons of current methods,
expected inputs and outcomes, and how to know when
you’ve threat modeled enough. Further, this talk will present
a hybrid threat modeling method derived from Microsoft’s
SDL threat modeling process. This hybrid method is lighter
weight and geared towards security professionals rather than
developers but should result in similar outcomes and fidelity.
Finally, this talk will examine further customizations that can
be made to tailor the SDL process to suit your needs.
Copyright 2020, IronGeek