WeAreDev 2024 - Real-World Threat Modeling
About WeAreDevelopers World Congress
WeAreDevelopers World Congress is the world’s premier event for developers, bringing together tech enthusiasts, industry leaders, and innovators to share knowledge, inspire collaboration, and discuss the future of software development. Known for its vibrant atmosphere and cutting-edge sessions, the event is a hub for learning about the latest trends and best practices in software engineering, security, AI, and beyond.
Why Threat Modeling Matters
In today’s fast-paced development environments, security often takes a backseat to functionality. Threat modeling flips this narrative, embedding security considerations early in the development cycle. It empowers teams to:
- Identify and address vulnerabilities proactively.
- Reduce the attack surface effectively.
- Foster collaboration between developers, security professionals, and stakeholders.
What We Covered
In the session, we dove deep into the practical aspects of threat modeling. Here’s a brief overview of what we discussed:
- The Basics of Threat Modeling: Understanding its purpose, key goals, and the importance of integrating it into the shift-left security journey.
- Terminologies Demystified: From weaknesses and vulnerabilities to risks, impacts, and attack surfaces—we broke down the critical concepts for effective threat modeling.
- Popular Methodologies: We explored PASTA, STRIDE, OCTAVE, and VAST, with a special focus on STRIDE’s workflow and its application to real-world scenarios.
- Practical Application with DFDs: Using Data Flow Diagrams (DFDs), we identified trust boundaries, mapped attack vectors, and worked through mitigation strategies.
- Actionable Takeaways: Attendees left with hands-on techniques to address threats, whether by mitigation, elimination, risk transfer, or acceptance.
Watch the Session and Access the Slides
If you missed the live session, don’t worry! Here are the resources to catch up:
Let’s Continue the Conversation
Threat modeling is an evolving practice, and there’s always more to learn. If you have questions, want to discuss specific scenarios, or share your experiences, feel free to reach out.
I hope these resources help you on your journey to secure and robust software development. Let’s keep building better and safer systems together!