Drawing on real-world use cases—including hotel booking web and mobile applications that share the same REST backend, an internet of things deployment with an on-premises gateway and secure update service, and an HR services OAuth scenario for mobile and web applications—Steven Wierckx walks you through performing practical threat modeling. Along the way, Steven discusses privacy threats and privacy by design, through a hands-on privacy impact assessment of a face recognition system in an airport.
Participants will receive a hard copy of the book Threat Modeling: Designing for Security by Adam Shostack.
Steven Wierckx is a consultant at Toreon. A software and security tester with 15 years of experience in programming, security testing, source code review, test automation, functional and technical analysis, development, and database design, Steven shares his passion for web application security through his articles in professional magazines and his courses on testing software for security problems, secure coding, security awareness, security testing, and threat modeling. He is the project leader for the OWASP Threat Modeling Project and organizes the BruCON student CTF. This year, he spoke at Hack in the Box Amsterdam on the topic of magic mirrors and will host a workshop at the BruCON conference.
Get the Platinum pass or the Training pass to add this course to your package.
©2017, O'Reilly Media, Inc.