AppSec Europe 2016 has ended
Back To Schedule
Friday, July 1 • 10:20 - 11:05
Practical Threat Modeling with Microsofts Threat Modeling Tool 2016

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Threat modeling has been a known and effective practice for identifying weaknesses within the application design for a while know. However, as with other security practices, it requires quite some security know-how and experience to create a proper threat model and derive countermeasures from identified threats. Therefore, most organizations that want threat modeling being conducted internal to improve their software security require a suitable tool that could assist developers, architects, etc. do create such a threat model. When it comes to threat modeling tools most will surely name Microsofts Threat Modeling tool that has been made freely available by Microsoft in different versions quite some time. But only the newest version comes with one decisive new feature that no existing tool had before and that have the potential to help organizations with using threa tmodeling internally a lot. It allows us now to not only investigate but also to change the existing threat logic and to build custom templates with own logic and shapes for new threat models. Based on a lot of practical experience with using this tool in a larger organization, this talk will show how organizations can use it to practically build their own threat modeling tool by mapping their specific security architecture (access management systems, security zones, etc.), custom threats and security requirements into it so that they are already considered in all new threat models created with this tool.

avatar for Matthias Rohr

Matthias Rohr

CEO, Secodis GmH
Matthias Rohr (CISSP, CSSLP, CISM) has over 12 years of experience in architecting, developing and securing web-based applications. He is the founder and of Secodis, a security service and solution provider specialized on integrating security into the software development (Secure... Read More →

Friday July 1, 2016 10:20 - 11:05 CEST
Room B (Tiziano Ballroom Sec. 1)