0      0


Cloud Security Engineering: Applied Threat Modeling


Nov 18, 2020 10:45am ‐ Nov 18, 2020 12:00pm



Credits: None available.

Description

In this workshop, participants will learn how to apply threat modeling concepts to cloud-native application architectures to expose attack surfaces. Our case study will be a cloud-native SaaS, multi-tenant application running in AWS.

We will be applying attack methodologies from the open source community and attack libraries from Mitre (e.g., ATT&CK, CAPEC), as well as from the Common Architectural Weaknesses and Exposures (CAWE) taxonomy. Participants will each produce a working threat model. We will use publically available tools for the threat modeling exercise to uncover application design defects that can be exploited. Our goal is to understand how cloud-native applications work holistically and to dive deep into topics such as: container orchestration; micro services; advanced authentication; secrets management; and data processing risks.

Speaker(s):

Credits

Credits: None available.

You must be logged in and own this session in order to post comments.