Continuous Threat Modeling: Practical, Agile Threat Modeling for Development Teams

GOTO Amsterdam 2023

We will examine how to use CTM, Continuous Threat Modeling, to implement threat modeling in an agile-compatible way for development teams. We will also look at OWASP pytm, a threat-modeling-with-code tool that helps automate some of the threat modeling work.

Requirements

• Basic understanding of system development
• Basic knowledge of Object Oriented syntax (objects and their attributes). Python experience not required.
• A laptop
• A Python 3 environment, or the ability to run a virtual machine in VirtualBox format

This course will feature

• An understanding of what Threat Modeling is, why it is beneficial and how it works in big strokes
• A detailed analysis of some publicly available threat models
• An overview of some of the currently in-use threat modeling methodologies, with practical exercises so the attendants can experience their pros and cons
• A discussion on the role of the developer in the threat modeling process
• A review of the Threat Modeling Manifesto and how it applies to bringing threat modeling practices to your organization
• An examination of the Continuous Threat Modeling methodology, followed by practical exercises
• A review of the existing Open Source threat modeling tools and their different usage scenarios
• A deep dive into pytm, the Pythonic library for threat modeling

Who this course is for

Developers, architects, testers and managers interested in Threat Modeling Security practitioners looking to sharpen their threat modeling skills