DESIGNING SECURE SYSTEMS: VALUE DRIVEN
Avi Douglen, Bounce Security
What if we could get developers to apply threat modeling techniques, and embed secure design right in the product from the beginning?
Threat Modeling is a great method to identify potential security weaknesses and can enable architects and developers to efficiently prioritize their security investment, thus mitigating and preventing those vulnerabilities that would most likely cause the most damage.
Unfortunately, though threat modeling provides a far greater return than most any other security technique in a development process, it is apparently “common knowledge” that threat modeling is supposed to be heavily resource intensive, require a full team of expensive security professionals, take up far too much developer time, and not scale at all.
But the common knowledge is wrong! In fact, using a lightweight, value-driven approach, skilled development teams can very efficiently ensure that the features they build can protect themselves, the application, and the business value that the features are intended to generate. Value Driven Threat Modeling offers an alternative to top-heavy, big-model-up-front threat modeling, in favor of agility, speed, and integration with the existing development cycle, not just to minimize risk, but to lower security costs.
This talk will describe Value Driven Threat Modeling, and show how to incorporate it into your existing agile methodologies. We will discuss how developers can efficiently threat model their application to improve development and walk through some example scenarios. And of course, we will see how security can participate productively in the agile development process, leveraging developers' own habits to their benefit.