Drawing on real-world use cases—including hotel booking web and mobile applications that share the same REST backend, an internet of things deployment with an on-premises gateway and secure update service, and an HR services OAuth scenario for mobile and web applications—Steven Wierckx walks you through performing practical threat modeling. Along the way, Steven discusses privacy threats and privacy by design through a hands-on privacy impact assessment of a face recognition system in an airport.
Participants will receive a hard copy of the book Threat Modeling: Designing for Security by Adam Shostack.
Steven Wierckx is a software and security tester with 20 years of experience in programming, security testing, source code review, test automation, functional and technical analysis, development, and database design. Steven shares his passion for web application security through writing and training on testing software for security problems, secure coding, security awareness, security testing, and threat modeling. He’s the project leader for the OWASP Threat Modeling Project and organizes the BruCON student CTF. He spoke at Hack in the Box Amsterdam, hosted workshops at BruCON and DevSecCon (UK) and delivered threat modeling training at OWASP AppSec USA, OWASP AppSec Israel, BruCON and O’Reilly Security New York.
©2017, O'Reilly Media, Inc.