Finding Security Defects through Threat Modeling

A session at ArchConf

Wednesday 6th April, 2016

5:00pm to 6:30pm (PST)

When talking about finding security defects, we first think of security testing and static analysis of the code. Although penetration testing and secure code review can uncover many types of security issues in an application, there are gaps that simply cannot be found with these traditional analysis techniques. The interactions between the different systems are beyond the code review level, and the complex interconnections are often not reachable from the penetration tester’s point of view. Discovering weaknesses in the design of a system is the specific goal of threat modeling. Organizations benefit from this software design analysis because they can perform it without code to discover potential vulnerabilities early in the development cycle.

This talk will describe one of the popular threat modeling methodologies and follow its process of identifying the assets, security controls, and threat agents for a given system, and then creating a prioritized list of attacks. Security analysts together with system architects can then propose appropriate mitigations to be implemented by the team.

About the speaker

Ksenia Dmitrieva

Software security enthusiast. Ballroom dancer. World traveler.
