Threat modeling is a great way to identify security risk by structuring possible attacks, bad actors and countermeasures over a broad view of the targeted system. Attendees will learn basic threat modeling concepts through hands-on examples, and how to use them effectively.
This workshop will be a collaborative experience, with threat model content created together with the audience. We will open the session with a quick introduction and a roundup of the tools that will be used: attack trees, flow diagrams and related open source software.
Attendees will be able to choose between three ways of getting involved:
- Brainstorming: give your ideas to the whole group to model on a whiteboard.
- Pen and paper: model the group's brainstormed ideas and add your own.
- Computer modeling: generate the resulting models using code.
Participants will collectively decide on a system to model:
- Cryptocurrency Desktop Wallet
- Internet of Things Power Switch
- Online Video Game Battle Royale
- Anything else that the group is interested in
Participants should bring:
Pens and paper will be provided for everyone free of charge. We will use a whiteboard, and participants can also bring their laptops.
Participants must know or have:
Any skill level: zero to master knowledge of attack patterns, zero to master knowledge of computer systems. Participants will be able to take a role according to their skill level and enthusiasm.
No prior threat modeling experience is required.
Jonathan Marcil, Application Security Specialist
Jonathan is an Application Security Consultant who has published on the topic of threat modeling and is involved in NorthSec CTF and OWASP Montreal. He is passionate about Application Security and enjoys architecture analysis, code review, cloud security and debunking security tools. Jonathan holds a bachelor's degree in Software Engineering from ETS Montreal and has 20 years of experience in Information Technology and Security.