Threat Modeling: From the "cloud" on down

From OWASP
Jump to: navigation, search

Everyone knows that catching software vulnerabilities early is the best way to create secure software with the least cost (and drama). However, how do you do this in the Agile, Cloud-based application environment that we face today? This training walks you trough an overview of threat modeling techniques and tools with an eye on pragmatic solutions to real world problems. Using the topics covered in this class, you will learn how to determine and describe an applications attack surface, understand the probability of an attack while gaining insight into its impact. Whether you're looking to find design flaws early, eliminate low-hanging vulnerabilities or improve and optimize testing, the discussion and hands-on portions of this class provide real-world examples of application security. The hands-on portion draws lessons from actual software such as those powering web-scale, cloud software stacks allowing you to gain practical experience working through tough software problems.