VerSprite Presentation | Offensive Threat Models Against the Supply Chain VerSprite Presentation | Offensive Threat Models Against the Supply Chain

Home  |  Resources  |  Events

Offensive Threat Models Against the Supply Chain

VerSprite's Upcoming Presentation

Written By: Tony UcedaVélez


< Back to Blog Home

Upcoming Event Details:

Threat models are often used by security champions to discover flaws in application environments. Many threat models are built thru defensive lens, foregoing realistic attack patterns that reflect adversarial goals vs. simply using a limited, non-mutable threat category.

This talk will focus on applying a more adversarial threat model to supply chain systems that are integrated into client environments.

Supply chain software is highly attractive to cyber criminals due to being implicitly trusted by many of the [vendor] respective client infrastructures.

Threat actors in this area include nation states, competing corporations, and private hacker syndicates. Emulating realistic offensive attack patterns in threat models yields better results for defensive measure by providing attack patterns that are more realistic based upon criminal cyber trends.

Goals for this talk will be as follows:

  • View a sample threat library for Supply Chain threat models
  • Understand threat sources that substantiate these types of threat models
  • Exemplify the threat model against a real world MNCs (one or two will be exemplified)
  • Build a sample attack tree to blueprint exploit development and testing
  • Understand how an operationalized attack tree yields granular countermeasures development and more specific risk reduction measures for the application
  • See how such an exercise can bolster other activities in a security program (vendor risk management, legal/ procurement, etc.) in order to shore up supply chain risks associated with a given threat model.

Register Now →

We are an international squad of professionals working as one.