[Owasp-bristol] How to Secure Application Design Using Risk Centric Threat Modelling

Katy Anton katy.anton at owasp.org
Thu May 5 23:47:11 UTC 2016

Dear all,

On Friday, 20th of May, OWASP Bristol will have a workshop on Threat
Secure Application Design and Cyber-Attack Simulation & Testing Using Risk
Centric Threat Modelling.

The presentation will cover the fundamentals and the practice of using
threat modelling to review the design of web and mobile applications and
identify design flaws that lead to security weaknesses. You will learn how
to mitigate threats with the design of security controls and
countermeasures and security test cases that can be derived from use and
abuse cases and attack vectors to identify vulnerabilities in web and
mobile applications. The overall workshop consists of two sessions of one
hour each: the first session will provide attendees with an understanding
of the fundamentals of threats, attacks, vulnerabilities and impact on the
data assets. The second session will provide an example of how to conduct
threat modelling including analysis of the threats affecting a specific
application software, the modelling of the attack vectors, the derivation
of specific security requirements for the design of the web application
during the SDLC and the derivation of test cases to simulate the behaviour
of either a web or mobile application under specific types of attacks.

Dr. Morana works as Senior Vice President at a large Financial Institution in
London where he is responsible for the architecture, risk analysis, and
threat modelling program. Dr. Morana also leads strategic initiatives to
identify new countermeasures for mitigating the risks of sophisticated
cyber-threats targeting web and mobile applications.

In his distinguished career of 15+ years in application security, Dr.
Morana held roles in different companies as security consultant,
application security architect, professional trainer and program manager.
As a cyber-security technologist, Dr. Morana's most important contribution to
cyber-security is the invention of the first secure email plug-in using the
S/MIME protocol that was patented for NASA in 1996.

Dr. Morana has been the advisor of the EU funded project on cyber-crime
roadmap research CyberROAD and provides lectures yearly at the PhD Summer
School on Computer Security & Privacy at the University of Cagliari, Italy.

Dr. Morana has been an active contributor to the OWASP organization since
2005, volunteering for the following projects: application security guide
for CISOs, OWASP security testing guide, the OWASP Source Code Review
Project and OWASP Security Analysis of Core J2EE Design Patterns Project
and most recently the OWASP cyber-security startup accelerator initiative.

As places are limited, please RSVP asap at:

All the best,

*Katy Anton*

Bristol (UK) Chapter Leader

Email: katy.anton at owasp.org
