Threat Assessment for Software Architects

The systems we are developing and building can be quite complex, and are starting to use techniques and technologies that are very new. Even though the techniques and technology are new, the way we assess the security and threats remains the same. It boils down to understanding all the bits and bobs that the system is made up of, and thinking through the most applicable weaknesses and threats, and then balancing those weaknesses and threats out with various different types of security controls.

    This 3-hour workshop will cover:

    * Why it’s important to think about the threats your application may face and the benefits that can bring to your development practice
    * Six most common weaknesses that you need to assess for - using the STRIDE threat model
    * How someone, or a threat, could take advantage of those weaknesses
    * Understand the types and categories of security controls we can apply to our systems and how they can minimise those weaknesses
    * How to create your own data flow diagram in a way that can help you identify weaknesses (and the controls needed)

    Erica Anderson
    COO, SafeStack

    Erica has worked in and can empathise with most IT and tech roles. Over the past seven years, she has been a consultant, engineer, tester, analyst, incident responder, and teacher. She has worked with a wide range of organisations, from small NZ businesses to global corporations. Being in Wellington, she has also done her share of public sector work. She knows what it feels like to try and move fast while staying secure.

    Aside from work and various speaking events, Erica loves spending her time causing general chaos in the New Zealand infosec community by running events like Kiwicon, Kawaiicon, BSides Wellington, and Code Club Aotearoa.

    Laura Bell
    CEO of SafeStack, SafeStack

    With over twenty years of experience in software development and information security, Laura Bell Main specializes in bringing security into organizations of every shape and size.

    She is the co-founder and CEO of SafeStack, an online education platform offering flexible, high-quality, and people-focused secure development training for fast-moving companies, focusing on building security skills, practices, and culture across the entire engineering team.

    Laura is an experienced conference speaker, trainer, and regular panel member and has spoken at various events such as BlackHat USA, Velocity, and OSCON on the subjects of privacy, covert communications, agile security, and security mindset.

    She is also the co-author of Agile Application Security and Security for Everyone.

    Programutvikling uses cookies to see how you use our website. We also have embeds from YouTube and Vimeo. How do you feel about that?