Developers need prescriptive guidance on preemptive design and coding techniques. Such guidance can be given blindly or in alignment with both application use cases and the context of abuse cases or threats.
This talk presents case studies in risk-centric threat modeling with the PASTA (Process for Attack Simulation and Threat Analysis) methodology and provides 3 use cases: IoT, E-Commerce, and Mobile Applications. It assumes the audience has a basic understanding of data flow diagramming, pen testing, security architecture, and threat analytics.
This talk also centers on the idea of modeling threats for applications based upon a higher propensity of threat intelligence, how to harvest threat patterns and correlate them to your threat model, and how to correlate a threat model to the preemptive controls and countermeasures to include in the overall design.