Bringing Rapid Prototyping To The Threat Model Process
Geoffrey Hill at Global AppSec Tel Aviv 2019
Threat Modelling is a powerful way of discovering security risks during software architecture and design. It can be used to build security into software and remove design flaws before actual code development starts. However, it can be a laborious and time-consuming exercise, which is not a happy marriage with Continuous Integration and DevOps methodologies. As a result, there is very poor adoption of threat modelling industry-wide. This talk will introduce the open-source Rapid Threat Model Prototyping (RTMP) process, which addresses these complications. It uses a just-in-time design process to quickly build a model and identify high-threat areas. The RTMP methodology is proven to speed up software threat analysis in fast-moving Agile/DevOps environments tenfold. It is perfect for creating more automated analysis workflows.
Geoffrey Hill
Founder and CEO, Tutamantic Sec
I have been directly involved in application security since 2003 when I enhanced the Microsoft SDL to use with my customers' growing Agile projects. I also started using the Microsoft Threat Modeling process actively at this point and have been building my process over many years.