Using Risk-Based Threat Modeling to Protect Your Supply Chain

Risk-Based Offensive Threat Models Against the Supply Chain

VerSprite CEO Tony UcedaVelez presents offensive threat models against the supply chain. Threat models are often used by security champions to discover flaws in application environments. Many threat models are built through a defensive lens, foregoing realistic attack patterns that reflect adversarial goals vs. simply using a limited, non-mutable threat category. This presentation focuses on applying a more adversarial threat model to supply chain systems that are integrated into client environments.

Watch the webinar to learn:

• What is risk-based threat modeling and why does it differ from the standard threat model framework
• Why supply chain software is highly attractive to cyber criminals
• Supply chain threat actors and patterns
• How to build your defensive measures with attack patterns that are more realistic based upon criminal cyber trends

AppSecCali 2019 | Offensive Threat Models Against the Supply Chain

Risk-Based Threat Modeling

VerSprite's approach to threat modeling provides a risk-based approach that is backed by evidence. VerSprite's security experts correlate real threats to your attack surface of application components and identify risk by first understanding the context of what the software or application is intended to do for the business or its clients. We also conduct exploitation tests that support threat motives within the model to validate whether they are probabilistic. Correlating viability with sustained impact allows this methodology to resonate as a highly effective risk-focused threat modeling approach. Learn how we can tailor our threat modeling approach to fit your overall organization's security needs. Learn more →