[Owasp-austin] January OWASP Meeting - January 27th - Stop hackers at the design phase through Threat Modeling

James Wickett wickett at gmail.com
Mon Dec 29 16:42:00 EST 2008


*When:* January 27, 2009, 11:30am - 1:00pm

*Topic:* Stop hackers at the design phase through Threat Modeling

Over the last few years, significant progress has been made in back end SDLC
security controls. Vendors have developed sophisticated analysis tools
focusing on code inspection and application testing and organizations are
incorporating both automated and manual assessment methods into the latter
half of their development process. However, adoption of architectural risk
analysis has not been as widespread. Although threat modeling is not a new
concept and approaches such as Microsoft's STRIDE are well known, companies
have not internalized and adopted design related security controls with the
same vigor.

Threat modeling in the web app space is becoming increasingly important. The
purpose of this presentation is to provide an understanding of what threat
modeling is, why it is important, teach you how to do it and champion its
benefits.

This meeting will be slightly different from most OWASP meetings, because we
will be breaking up into small groups and completing a Threat Modeling
mini-workshop.

The Threat Modeling mini-workshop includes:
- Understand the function and security objectives of the application
- Break down the application by component
- Identify and threats by category
- Incorporate opposing countermeasures
- Prioritize vulnerabilities by risk and effort

This class will also cover the OWASP documentation (
http://www.owasp.org/index.php/Threat_Risk_Modeling) and it is suggested
reading before the class.


*Who:* Nathan Sportsman

Nathan Sportsman is a Managing Partner and founder of Praetorian. Over the
years, he has worked across most industry sectors and clients have ranged
from Wall St and Silicon Valley to government intelligence agencies and
renowned educational institutions. Nathan is a contributing author to the
6th Edition of the best selling book Hacking Exposed and is a frequent
public speaker. He has lectured on the latest hacking techniques for the
National Security Agency, served as an instructor for the Ultimate Hacking
Series at Black Hat, and is a regular speaker for various security
organizations such as ISSA, Infragard, and OWASP.
Industry designations include the Certified Information Systems Security
Professional (CISSP) and GIAC Certified Incident Handler (GCIH). Nathan
holds a BS in Electrical & Computer Engineering from The University of Texas
at Austin.

*Where:* National Instruments, 11500 N Mopac, Building C which is the
tallest building on campus (8 levels). There will be signs posted in the
lobby to direct you where to go and the receptionists will be able to assist
you as well. See directions to National
Instruments<http://maps.google.com/maps?f=q&hl=en&q=11500+N+Mo-Pac+Expy,+Austin,+TX+78759&ie=UTF8&ll=30.406377,-97.726135&spn=0.017211,0.036778&om=1>.


*Cost:* Always Free

*Questions or help with Directions...* call: Scott Foster 512-637-9824.


-- 
J. H. Wickett