Hang out a bit around those security guys, and very soon you’ll encounter the term “Threat modeling”.
It sounds cool and quite heavy, so you nod your head and let them go on rambling in their special lingo. What you don’t know is that a large part of the terms going over your head only because of a translation problem - They are using different words to describe something you are already familiar with.
In this talk we’ll see how threat modeling works and how it is similar to activities we do on a daily basis such as design reviews or risk analysis.
- Learn what is threat modeling and how to do it.
- Get a glimpse into security people language.
- Understand that security testing (a.k.a. penetration testing) is more about testing than it is about security, and that testers can and should contribute to this effort and even lead it.