Over the last few years, significant progress has been made in back end SDLC security controls. Vendors have developed sophisticated analysis tools focusing on code inspection and application testing and organizations are incorporating both automated and manual assessment methods into the latter half of their development process. However, adoption of architectural risk analysis has not been as widespread. Although threat modeling is not a new concept and approaches such as Microsoft's STRIDE are well known, companies have not internalized and adopted design related security controls with the same vigor. The purpose of this presentation is to provide an understanding of what threat modeling is, why it is important, and champion its benefits.
Praetorian's goal is to help our clients understand minimize their overall security exposure and liability. Through our services, your organization can obtain an accurate, independent security assessment.