Robert Hurlbut Blog

Thoughts on Software Security, Software Architecture, Software Development, and Agility

Speaking on Threat Modeling for Web Applications at OWASP Boston

Wednesday, October 26, 2005 Comments

 .NET  ArchitecturePatterns  ASP.NET  Personal  Security  Speaking 
Share:   Share on LinkedIn    Share on Twitter    Share on Facebook   

I will be speaking on Threat Modeling for Web Applications at the local OWASP Boston chapter meeting on November 2, at the Microsoft, Waltham, MA offices. This may turn into more of an interactive teaching session similar to what I am doing Friday at the MAD Security Code Camp as I am seeing more interest in this way of presenting this topic. Threat modeling can be very helpful as you design your own web applications, so you are welcome to attend if you are in the area.

I have been interested to see how threat modeling has evolved over the last few years. At PDC 2005, there was an interesting summary of the current state of threat modeling during the Security Symposium. An emphasis on simplifying the exercise was stressed, especially for those who aren't security experts. The big question (in my mind): how can the typical developer and/or architect get a handle on the security design tradeoffs? You can find the slides for the Symposium at PDC here. Interesting reading.

Share:   Share on LinkedIn    Share on Twitter    Share on Facebook