I am going to present deep dive session on Threat Modeling Process and our very own Threat analysis and modeling Tool - TAM in TechMela 2007 in Mumbai [13th - 16th June]
For more information on the event registerations, sessions or speakers check out http://www.techmela.com
See you in mumbai.........
Here is the my session title and abstract...
Session Title :
Threat Modeling Strategy for Line Of Business applications.
To protect your applications and build a secure system, it is imperative that you identify and understand all of the potential threats to your applications. Threat modeling is an increasingly valuable discipline, and one that should form part of your application design phase.
The process of threat modeling is built on a simple principle: in order to feasibly build a secure system, one must understand all the threats in that system. The challenge, however, has been to make threat modeling easily adoptable by and beneficial for non-security information technology professionals (business owners, architects, developers, testers, etc.). With over 3 years of experience in threat modeling, Microsoft has developed and refined a threat modeling process to a point where minimal input (non-security related!) is used to produce a feature rich threat model used to manage the risk to software applications during the SDLC and beyond. Using the Microsoft Threat Analysis & Modeling v2.1 tool, application development teams can create a threat model that helps detect security flaws and evaluate application threats and vulnerabilities.
This session will go over this threat modeling process, outline its benefits, showcase the Threat Analysis & Modeling tool [TAM] and show how threat modeling fits into the Microsoft Security Development Lifecycle (SDL) for IT.