The accreditors of this session require that you periodically check in to verify that you are still attentive.
Please click the button below to indicate that you are.
In this workshop, participants will learn how to apply threat modeling concepts to cloud-native application architectures to expose attack surfaces. Our case study will be a cloud-native SaaS, multi-tenant application running in AWS.
We will be applying attack methodologies from the open source community and attack libraries from Mitre (e.g., ATT&CK, CAPEC), as well as from the Common Architectural Weaknesses and Exposures (CAWE) taxonomy. Participants will each produce a working threat model. We will use publically available tools for the threat modeling exercise to uncover application design defects that can be exploited. Our goal is to understand how cloud-native applications work holistically and to dive deep into topics such as: container orchestration; micro services; advanced authentication; secrets management; and data processing risks.
Speaker(s):
Mr. Richard
Tychansky,
CISSP-ISSEP, CCSP, CGRC, CSSLP,
Security Architect,
Independent
Credits
Credits: None available.
You must be logged in and own this session in order to
post comments.