Difference between revisions of "OWASP AppSec India Conference 2008 Advanced Threat Modeling"

(About Instructor)
(Advanced Threat Modeling)
Line 5: Line 5:
 
Threat Modeling is a technique that you can use to identify ATVS (attacks, threats, vulnerabilities and safeguards) that could affect your web applications. Threat Modeling helps in designing your application securely from a confidentiality, integrity, availability, authentication, authorization and auditing perspective. It is an essential activity to be undertaken during the design stage of your SDLC and helps mitigate and minimize overall risk.
 
Threat Modeling is a technique that you can use to identify ATVS (attacks, threats, vulnerabilities and safeguards) that could affect your web applications. Threat Modeling helps in designing your application securely from a confidentiality, integrity, availability, authentication, authorization and auditing perspective. It is an essential activity to be undertaken during the design stage of your SDLC and helps mitigate and minimize overall risk.
  
Come for a '''fun, hands-on, interactive''' session that will cover the '''basic and advanced elements of threat modeling''', filled with '''exercises for the attendees to participate'''.
+
Come for a <font color="blue">'''fun, hands-on, interactive'''</font> session that will cover the <font color="blue">'''basic and advanced elements of threat modeling'''</font>, filled with <font color="blue">'''exercises for the attendees to participate'''</font>.
  
'''Session Coverage'''
+
'''Session Coverage'''<br>
The session will cover the following topics  
+
The session will cover the following topics <br>
1. Introduction to Threat Modeling
+
Introduction to Threat Modeling<br>
2. Threat Modeling Process
+
Threat Modeling Process<br>
3. Tools, Techniques and Templates
+
Tools, Techniques and Templates<br>
4. Live Demo and Hands-On Exercises
+
Demos and Hands-On Exercises<br>
 
and more ...
 
and more ...
  
'''Who should Attend?'''
+
'''Who should Attend?'''<br>
This session is for Management, Technical (Developer, QA, Security ...) and Operational professionals and any stakeholder that needs to understand how threat modeling can benefit their organizations/companies in designing secure web applications. Whether you are a novice or an expert apropos threat modeling, you will all leave learning something new to design the next generation of hack-resilient web applications.
+
This session is for '''Management, Technical''' (Developer, QA, Security ...) and '''Operational professionals''' and any stakeholder that needs to understand how threat modeling can benefit their organizations/companies in designing secure web applications. Whether you are a novice or an expert apropos threat modeling, you will all leave learning something new to design the next generation of hack-resilient web applications.
  
'''Come and Win exciting Prizes'''
+
<font color="red">'''Come and Win exciting Prizes'''</font><br>
Come and win a free self-assessment voucher to the official (ISC)<sup>2</sup> CISSP&reg; (approx. $300 value) or an iPod Shuffle.
+
First Prize - A FREE voucher to the official (ISC)<sup>2</sup> CISSP&reg; self-assessments (<font color="red">approx. $300 value</font>) (or) <br>
 +
Second Prize - A FREE voucher to the official (ISC)<sup>2</sup> SSCP&reg; self-assessments (<font color="red">approx. $110 value</font>)<br>
 +
(ISC)<sup>2</sup> self-assessments are made possible due to courtesy of [["https://www.expresscertifications.com/isc2/" target="_blank" | Express Certifications]].
  
 
== About Instructor ==
 
== About Instructor ==
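
Review bot: The Express Certifications link on the last added line is not valid MediaWiki link markup. It is written as `[["https://www.expresscertifications.com/isc2/" target="_blank" | Express Certifications]]`, but double square brackets are for internal page links; an external link takes single brackets with the URL and the label separated by a space, with no quotes and no HTML attributes, for example `[https://www.expresscertifications.com/isc2/ Express Certifications]`. Separately, the added lines replace the 1 to 4 numbering of the topic list with `<br>` breaks and wrap emphasis in `<font color="...">` tags; a wiki list (`#` or `*`) would keep the topics structured, and the existing bold markup already carries the emphasis without presentational HTML.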

Revision as of 14:52, 3 August 2008

Advanced Threat Modeling

To secure your home, you will first need to know how the thief could possibly enter and exit and where you should store your valuables. The same is true of your web applications. Unless you know what the vulnerabilities and threats of your web applications are, and what security measures you should take to protect them, ev1L h@x0rS or the enemy within (insider) could take advantage of the vulnerabilities.

Threat Modeling is a technique that you can use to identify ATVS (attacks, threats, vulnerabilities and safeguards) that could affect your web applications. Threat Modeling helps in designing your application securely from a confidentiality, integrity, availability, authentication, authorization and auditing perspective. It is an essential activity to be undertaken during the design stage of your SDLC and helps mitigate and minimize overall risk.

Come for a fun, hands-on, interactive session that will cover the basic and advanced elements of threat modeling, filled with exercises for the attendees to participate in.

Session Coverage
The session will cover the following topics:
Introduction to Threat Modeling
Threat Modeling Process
Tools, Techniques and Templates
Demos and Hands-On Exercises
and more ...

Who should Attend?
This session is for Management, Technical (Developer, QA, Security ...) and Operational professionals and any stakeholder who needs to understand how threat modeling can benefit their organizations/companies in designing secure web applications. Whether you are a novice or an expert in threat modeling, you will leave having learned something new about designing the next generation of hack-resilient web applications.

Come and Win exciting Prizes
First Prize - A FREE voucher to the official (ISC)² CISSP® self-assessments (approx. $300 value) (or)
Second Prize - A FREE voucher to the official (ISC)² SSCP® self-assessments (approx. $110 value)
(ISC)² self-assessments are made possible courtesy of Express Certifications.

About Instructor

Mano Paul

Mano Paul (CISSP, MCSD, MCAD, CompTIA Network+, ECSA) is the Founder and CEO at SecuRisk Solutions. Based out of Austin, Texas in the USA, SecuRisk Solutions specializes in three areas of information security solutions - Product Development, Consulting and Awareness, Training & Education.

Before SecuRisk Solutions, Mano played several roles, from software developer, quality assurance tester, logistics manager, technical architect and IT strategist to Security Engineer/Program Manager/Strategist at Dell Inc. His security experience includes designing and developing software security programs from Compliance-to-Coding, application security risk management, security strategy & management, and conducting security awareness training and education.

Mano is (ISC)²'s Software Assurance Advisor and an appointed Industry representative of the Information Systems Security Association (ISSA) Capitol of Texas chapter. He also serves as a faculty member for the ISSA security course at the local university.

Mano has been featured in various domestic and international security conferences, has contributed to and published various security articles, and is an invited speaker at the OWASP Application Security Conferences, CSI, Burton Group Catalyst, TRISC and the SC World Congress Conferences. He is a contributing author for the Information Security Management Handbook, writes periodically for the Certification Magazine and has contributed to several security topics for the Microsoft Solutions Developer Network.

Mano holds the following professional certifications - CISSP, ECSA, LPT, Microsoft Certified Solutions Developer (MCSD), Microsoft Certified Application Developer (MCAD) and the CompTIA Network+ certification.