No developer wants to be responsible for a major data breach. Unfortunately, when it comes to application security, most developers have more questions than answers. How do I get started? What should I be protecting against? How much security is enough? Is there a best practice to follow? In less than an hour, I will give you the tools you need to integrate threat modeling into your existing application lifecycle. We’ll even walk through the process step by step as we threat model a live application. Start building secure applications today.


Comments are closed.

Really enjoyed it. Felt like it provided a good checklist and approach for analyzing attack surfaces and prioritizing responses. Really appreciate "giving permission" for not fixing everything - always good to remind devs that "good enough" is, in fact, good enough.

Might be value in spending more time on who potential attackers are? How does protecting from internal attacks differ from defending against script kiddies?

Really great talk that is equally inspiring and terrifying.

Demin Yin at 23:56 on 14 Sep 2018

Thanks for the great talk from Adam. We are web developers working on things publicly available to almost everyone, and it's always challenging to protect our web applications from attackers in the world every single day. Without proper security measuring, modeling and protection methodologies discussed in the talk, web products are vulnerable even you don't even notice it. Glad to hear about threat modeling and related tools in the speech making our development processes more secure than ever, and brainstorm me while building web services for our products.