Thanks to Charlie Arehart and the guys behind Cf.Objective(), I'll be presenting a 30-minute mini-talk on Friday entitled "Security and the SDLC: Threat Modeling". This will be the first online user group presentation I'll be doing and I'm pretty excited!
"In this 30-minute preview of his CFObjective seminar, Dean will examine how threat modeling can be used as a baseline activity to ensure the security of web applications. Threat modeling is a structured approach for identifying, evaluating and mitigating risks to system security. By modeling a system as an attacker would, development organizations can prioritize the usage of a development/security budget, manage risks to system security and find vulnerabilities earlier than technical testing or code reviews. Applied early in the development lifecycle, threat modeling can be used to drive further secure SDLC activities, such as code reviews and penetration testing, to ensure the security of your software throughout its lifetime."
While this is billed as a preview of my Cf.Objective() talk, it's more of a parallel track. In this talk I'll be hitting on one of the three high-ROI activities that can be added to the SDLC in order to begin addressing the problem of software insecurity. Of course, at Cf.Objective() I'll be spending more time on the baseline activities, including code reviews and penetration testing, and how they fit into the overall development lifecycle.
I hope people will RSVP for this online meet-up and then come see me in Minneapolis next week!