Threat Modeling is a great way to identify security risk by structuring possible attacks, bad actors and countermeasures over a broad view of the targeted system. Attendees will learn hands on examples of basic threat modeling concepts and how to use them effectively.
This workshop will be a collaborative experience with threat model content created with the audience. We will open the session with a quick introduction and round up of the tools that will be used: attack trees, flow diagrams and related open source software.
Attendees will be able to choose between three ways of getting involved:
- Brainstorming; give your ideas to the whole group to model on a whiteboard.
- Pen and papers; model the group brainstorm ideas and add your own.
- Computer modeling; generate resulting models using code.
Participants will collectively decide on a system to model:
- Cryptocurrency Desktop Wallet
- Internet of Things Power Switch
- Online Video Game Battle Royale
- Anything else that the group is interested in
Participants should bring:
Pens and paper will be provided for everyone free of charge, we will use a whiteboard and participants can also bring their laptop.
Participants must know or have:
Any skill levels, zero to master knowledge about attack patterns, zero to master knowledge about computer systems. Participant will be able to take a role according to their skill level and enthusiasm.
No prior threat modeling experience is required.