Application Security/Software Assurance
Security Congress Abstract
Threat modeling is a very powerful tool within application security.
This session explains how we can optimize threat modeling and improve the outcome of the process, and how we can handle a new dimension in the model, since container usage requires attention to additional aspects that are easily overlooked.
We'll start from the common principles of threat modeling, the purpose of the process and what to expect from it, and continue with different approaches, roles, and metrics we can apply to the process. We'll dive deep into the new aspects introduced by the containerization of applications, for both legacy monolith and modern microservices architectures. We'll conclude with examples where proper threat modeling and mitigation of the risks reduce the impact of vulnerabilities recently reported in Docker and Kubernetes.