Context Driven Security - Bill Matthews
Application Security is a hot topic and increasingly software testers are being asked to carry out “security tests”; sometimes this is in addition to external security tests but often instead of. Despite the widespread availability of resources on security testing, much of it focuses on techniques so it can be difficult for testers to know where to start and what is important to their context.
Building a Threat Model can help testers formulate a more context driven approach to security testing and help frame these tests by linking your application/assets to possible threats and vulnerabilities, to the tests you are carrying out (or not) and the techniques needed to implement them.
This session will provide an interactive introduction to Threat Modelling and how it can be used to formulate a more context driven approach to security testing.