Look! There's a threat model in my DevOps - Alyssa Miller

"You can't threat model in a CI/CD DevOps environment!!" This is a common belief among developers and security professionals alike. With frameworks like STRIDE, DREAD, PASTA, etc., threat modeling is typically viewed as a heavy-weight, time-consuming exercise that is simply not compatible with high-paced development paradigms. As a result, organizations that employ these paradigms commonly scratch threat modeling off their Secure SDLC checklist as simply impossible to implement without breaking their DevOps model. They lose sight of the core purpose of threat modeling and as a result are unable to tailor an approach that fits their development lifecycle.

In this session, we’ll turn those misconceptions about threat modeling upside down. We’ll go back to the core purpose of threat modeling. We’ll discuss what components of threat modeling are most crucial, what questions we should be asking and who should be answering them. Ultimately, this will all culminate in the presentation of an alternative approach to threat modeling. We’ll walk through the details of how to implement this backlog-based approach in any development paradigm and demonstrate that it can be done without affecting our development timelines.

Alyssa Miller, Application Security Advocate - Snyk

Alyssa Miller has been a hacker and programmer since her pre-teens, when she bought her first computer. While IT was not her original career plan, she ended up working as a developer and later a penetration tester in the financial services industry. As she moved into consulting, her focus on defending corporate systems grew to the point where she was advising Fortune 100 companies on how to build comprehensive security programs. She’s a security advocate, public speaker and author with a passion for sharing her ideas and knowledge to help improve the ways we defend our digital world.

© 2020 Avocado Labs