XConf Unplugged is a meet up series for technologists to stay up to date with the latest tech trends and news. This event is the fourth in our series and is focused on security in software development.
No-one needs convincing that they need to write secure software and deal with their users' data responsibly anymore. But there's a steep learning curve on the topic of security, as the number (and profile) of threats seems to just keep climbing – everything from organised crime and government spying to teenagers who attack systems "for the lulz" – it can all be pretty overwhelming. Threat Modelling and the use of STRIDE as a model provides a set of techniques that help you identify and address the most important threats in both design and in delivery. While only part of a strategy to stay ahead, when used in conjunction with other techniques in your secure software delivery lifecycle, Threat Modelling with STRIDE can help to keep your system secure.
This presentation was made by Jim Gumbley, Technical Principal at ThoughtWorks and Fraser Scott, Cyber Threat Modelling Engineer at Capital One.