Three levels of complexity: Threat Modeling of Containerized Application
Elena Kravchenko at Global AppSec Tel Aviv 2019
Threat Modeling is a very powerful tool of Application Security; however, many organizations are struggling to use it. There is a common perception that the Threat Modelling is too heavy and should be done only at specific stages of development process. In the session I am going to explain how we can optimize threat modeling and improve the process outcome. As well as how we can handle a new dimension in the model since the containers usage requires attention to additional aspects which can be easily overlooked. The session will also touch aspects of success measurement and incremental improvements. In addition I will provide examples of real cases when properly identified risks during thread modeling for containerized applications reduce the recently reported Docker and Kubernetes vulnerabilities impact.
Elena Kravchenko
Application Security Expert, CISSP, Micro Focus
Application Security Expert, CISSP• 6+ years as Security Lead for Business Unit ( global, multidisciplinary, 400+ developers)• 25+ years of software engineering, in different positions : software engineer, technical lead, system architect, application security lead
Elena Kravchenko
Application Security Expert, CISSP, Micro Focus
Application Security Expert, CISSP• 6+ years as Security Lead for Business Unit ( global, multidisciplinary, 400+ developers)• 25+ years of software engineering, in different positions : software engineer, technical lead, system architect, application security lead