Click here for our new site

Intro to Threat Modeling

Joshua Koike

In production environments, especially immediately after inheriting a project, asking a piece of software to immediately “be secure” is unreasonable. Thus, threat models are created to prioritize fixing vulnerabilities. This talk covers the basics of vulnerability identification, assesment, and patching, using the DREAD and STRIDE threat models and the Buggy Web Application Project as an example.

Fork me on GitHub