XConf Unplugged: Secure Design with Threat Modelling

XConf Unplugged is a meetup series for technologists to stay up to date with the latest tech trends and news. This event is the fourth in our series and focuses on security in software development.

No one needs convincing anymore that they need to write secure software and handle their users' data responsibly. But security has a steep learning curve, and the number (and profile) of threats seems to just keep climbing: everything from organised crime and government spying to teenagers who attack systems "for the lulz". It can all be pretty overwhelming. Threat Modelling, with STRIDE as a model, provides a set of techniques that help you identify and address the most important threats in both design and delivery. It is only part of a strategy to stay ahead, but when used in conjunction with other techniques in your secure software delivery lifecycle, Threat Modelling with STRIDE can help to keep your system secure.

This presentation was made by Jim Gumbley, Technical Principal at ThoughtWorks and Fraser Scott, Cyber Threat Modelling Engineer at Capital One.


  1. Jim Gumbley - ThoughtWorks; Fraser Scott - Capital One
  2. Thinking about things that can go wrong... …so you can do something about them... ...before they go wrong.
  5. The are determined by you threat model, is involved, and you do it
  6. DESIGN, BUILD, DEPLOY, MAINTAIN
  7. ● Three Amigos ● Whole Team ● Multi-Team
  8. ● What are we building? ● What can go wrong? ● What are we going to do about it? ● Did we do a good enough job?
  9. ● Identity ● Authentication
  10. ● Integrity ● Injection ● Validation
  11. ● Non-Repudiation ● Logging ● Audit
  12. ● Confidentiality ● Encryption ● Leakage ● Man in the middle
  13. ● Availability ● Botnets ● DDoS / DDoSaaS
  14. ● Authorisation ● Isolation ● Blast radius ● Remote Code Execution
  15. It would be very remarkable if any system existing in the real world could be exactly represented by any simple model. The only question of interest is: "Is the model illuminating and useful?"
  16. Juice Shop
  17. DEMO
  18. Welcome to the Juice Shop!
  20. 1. REVIEW THE JUICE SHOP SECURITY DEBT 2. THREAT MODEL THE DISCOUNT USER STORY
  21. Architecture diagram: Amazon Web Services; Container Runtime (Docker / AWS ECS); SQL (AWS RDS Postgres); Juice Shop Server (NodeJS); Juice Buyer; Shop Admin; Files (AWS EBS); Engineers; Logs (ELK Stack); Juice Shop Frontend (AngularJS, Bootstrap CSS); Google Oauth; Travis CI; Github; Payment Service (NodeJS)
  22. Flow diagram: Login; View Product; View Basket; Confirm Order; Add item to basket [item id]; Go to Basket; Return to products; Redirect; Checkout; Remove item [item id]; Apply Discount; Unauthenticated on Internet; Authenticated Juice Buyer; [Discount Code]; Checkout
  25. threat-modeling /r/threatmodeling/ See Reddit :) www.thoughtworks.com/xconf-eu
