Application Threat Modeling Case Studies with PASTA

Jun 8, 2017 · Belfast, United Kingdom

Join us for an application security talk from our international expert on Threat Modeling, Tony UV.

This OWASP Belfast session will be held at Puppet, and we thank Puppet for supplying refreshments during the event.  We'll kick off at 7pm.

Session One

Application Threat Modeling Case Studies with PASTA

Developers need prescriptive guidance on preemptive design and coding techniques. This can be done blindly or in alignment with both application use cases and the context of abuse cases or threats. This talk will present case studies in risk-centric threat modeling using the PASTA (Process for Attack Simulation & Threat Analysis) methodology and provide 3 use cases of IoT, E-Commerce, and Mobile Applications.
This talk assumes that the audience has a basic understanding of data flow diagramming, pen testing, security architecture, and threat analytics. It also centers on the idea of modeling threats for applications based upon a higher propensity of threat intelligence, how to harvest and correlate threat patterns to your threat model, and how to correlate a threat model to defining preemptive controls and countermeasures to include in the overall design.

This session will be given by Tony UV.  Tony has more than 18 years of hands-on information security and technology expertise. He is the founder of VerSprite and has consulted for numerous global Fortune 500 companies, as well as U.S. federal agencies on the subjects of security risk management, application security, threat modeling, and security architecture.

With expertise across multiple control frameworks (ITIL, NIST, ISO, CoBIT, etc.), Tony has helped mature security programs built around both automated and process-based controls. In the realm of application security, Tony is a threat modeling evangelist who has co-patented PASTA (Process for Attack Simulation and Threat Assessment) and in 2015 authored ‘Risk Centric Threat Modeling’ (Wiley Life Sciences).

He has served as a guest speaker for several groups such as ISACA, IIA, ISSA, ISC2 and OWASP on the topic of application threat modeling and has delivered numerous training sessions on how PASTA can make for a more realistic approach to identifying threat agents and their most likely attack vectors against company infrastructure. Tony has integrated threat modeling with several maturity models such as SAMM, BSIMM, and CMMI as well as risk and control frameworks that include OCTAVE, FAIR, NIST 800-53, ISO, and CoBIT. His expertise has focused on bridging technical security risks with operational financial risks so that companies can understand the impact of poor security practices on business.

Session Two

Discovery and remediation of vulnerable packages using Puppet.

A demonstration of using Puppet Enterprise to find specific packages within your infrastructure, then using Puppet to manage those packages and update them simultaneously across your infrastructure. 

This session will be given by Andrew Hayes. Andrew is a Test Engineer at Puppet and works on the automated testing of Puppet Enterprise. 

Event organizers
  • OWASP Belfast

    OWASP, the Open Web Application Security Project, is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of thes
