Presentation: "Making Threat Modeling Useful to Software Development"
Time: Wednesday 13:00 - 14:00
Location: Stanford
How will attackers break your web application? How much security testing is enough? Threat modeling, applied with a risk management approach can answer both of these questions if done correctly. This talk will present threat modeling through examples and exercises using the Java EE platform and focusing on authentication, authorization, and session management.
Participants will learn how to use diagramming techniques to explicitly document threats their applications face, enumerate the attack vectors these threat take advantage of, and plan tests to validate an application resists such attack.