What Happened

  • Exploring Security - Developing Inclusive Threat Models in your Teams
    Daniel Billing
    99 Minute Workshop

    What

    99 Minute Workshop

    Description

    Threat Modelling is a whole team activity to identify and model potential security threats to a software product or system. It can be done using specific software tools, or visual data capture methods. Threat Modelling is an essential activity for modern development teams. It offers an opportunity to explore and understand potential threats to your products,

    Security Threats are as diverse and varied as your teams. Everybody on your team will have a different perspective and skills. When Threat Modelling, it's crucial to involve everyone. Critical stakeholders will have a keen eye on the business risks. Software Engineers will likely have a greater focus on security risks within their technical area of expertise. The more diverse and inclusive your threat modelling, the more effective it will be.

    We will draw on learning from security experts such as Adam Shostack and Tanya Janca, using games, mind maps and other techniques to model a vulnerable web application.

    Attending this workshop will bring a sharp focus to the problems that security will surface in your products and teams. You'll be able to add value to your teams by building confidence in your understanding and communication of security issues within your organisations.

    Takeaways

    • Select from a range of threat modelling techniques appropriate for their context
    • Choose a team to complete a threat modelling exercise
    • Investigate a threat model for a vulnerable web application utilising the ‘character’ profiles selected
    • Reflect on their threat model in light of feedback from team members and contributors

    Prerequisites

    No prior security knowledge is required, as this is an introductory course. You will, however, need a good understanding of how modern applications are designed, developed and tested.

    Attendees will need to be able to set up an instance of OWASP Juice Shop.

    Speaker

    Daniel Billing
    Senior Software Engineer
    Dan has been a tester for 20 years, working within a diverse range of development organisations, mostly in London and the south-west of England. He is now a freelance test consultant, coach and trainer, but has worked within some complex industries and contexts. His skills include mentoring, supporting and training members of the team to develop their security skills. Dan’s love of testing drives him to be an active member of the testing community. He has organised international events and workshops in the testing community, and is a speaker at various international Agile, technology and testing conferences. He is also a co-host of the Screen Testing podcast, alongside Neil Studd.

    Frequently Asked Questions

    Are the Workshops Recorded?

    Our 99-minute workshops are designed to be attended live. If you can’t make the scheduled time, we will add highlights of the workshop in the future once the workshops are complete.