Threat Modelling: How Software Survives in a Hacker’s Universe - Saskia Coplans

Saskia Coplans

Founder and Security Consultant

Talk Description

This is the story of how a client lost millions due to a costly oversight that allowed attackers to exploit a devastating vulnerability. Although the client was aware that this weakness existed when the final product was launched, it would have been too expensive to fix and would have required them to miss critical deadlines.

In this talk, we'll discuss how, with version 2, we helped our client by starting with some threat modelling techniques in order to understand which assets an attacker would be after, what weaknesses existed in the design that would allow an attacker to access them, and what protections could be put in place to stop the same level of attack happening again.

Takeaways

  • How we can use threat modelling to think like an attacker
  • How threat modelling can help us secure our applications and how software testers can integrate this technique into the testing process
  • Why thinking about security as early as possible is the safest option


Saskia is the Cofounder and Director of Digital Interruption and REXScan, and is the Director of Innovation for Data Science, AI and Cyber and HOST Salford. Saskia has over ten years' experience in information security and governance, along with standards and policy development. She has worked across Europe and Central Asia for Governments, NGOs, Regulators and the Private Sector, and presents at events and conferences worldwide. She sits on the Greater Manchester Cyber Advisory Group, the Board of OWASP Manchester and the Infosec Hoppers, and is a Copresenter on the Greyhats Podcast.

Tags

  • security
  • analysis
  • models