SlideShare une entreprise Scribd logo

Threat Modeling for Dummies - Cascadia PHP 2018

Adam Englander
Adam Englander

No developer wants to be responsible for a major data breach. Unfortunately, when it comes to application security, most developers have more questions than answers. How do I get started? Who should I be protecting against? How much security is enough? Is there a best practice to follow? In less than an hour, I will give you the tools you need to begin integrating threat modeling into your existing application lifecycle. Start building secure applications today.

Technologie
1  sur  58
Télécharger pour lire hors ligne
@adam_englander Building Secure Applications: Threat Modeling for Dummies Adam Englander Software Architect, TransUnion
@adam_englander What Are We Going to Cover • An overview of threat modeling • The process of threat modeling • Some common tools to assist you • An example from start to finish • Action items for now, near future, and beyond
@adam_englander What is threat modeling?
@adam_englander –Wikipedia “Threat modeling is a process by which potential threats … can be identified, enumerated, and prioritized – all from a hypothetical attacker’s point of view.”
@adam_englander –Wikipedia “Threat modeling is a process by which potential threats … can be identified, enumerated, and prioritized – all from a hypothetical attacker’s point of view.”
@adam_englander What’s the process?
@adam_englander Document All the Things!
@adam_englander Map Out Your Application
@adam_englander Internet Internal DMZ System: Big Picture Firewall Load Balancer MySQL MySQL App Server Firewall DNS SMTPCDN Alerting Stats Bastion Logs Consumer Payment CA
@adam_englander Process: Microscope User Logs In Views Product Catalog Adds Item to Cart Initiates Checkout Confirms Billing Info Selects Payment Method Confirms Shipping Info/ Method Confirmation Email Sent Payment Authorized
@adam_englander Identify Assets Commerce Site DB Credentials SMTP Credentials Payment GW Creds Encryption Keys SSL Certs SSL Private Keys Access to SMTP Database Cust Emails Cust Billing Data Cust PII Payment Data Order History User Credentials User Emails Shopping Carts Sessions Inventory/Pricing Transaction Logs SMTP DKIM Creds Mail Logs Payment Gateway Purchase History Charge/Refund Authority Log Server Raw Logs Host Names Stack Traces Client IPs User Behavior Internal Network DB Admin Creds Hosting Creds DNS Admin Creds Payment GW Admin Creds Encryption Keys SSL Certs SSL Private Keys
@adam_englander Identify Entry Points Firewall App Server Database HTTPS Unrestricted Internal Network Internet Firewall
@adam_englander Identify Entry Points Firewall App Server Database HTTPS Unrestricted Internal Network Internet Firewall
@adam_englander Identify Entry Points Firewall App Server Database HTTPS Unrestricted Internal Network Internet Firewall
@adam_englander Identify Entry Points Firewall App Server Database HTTPS Unrestricted Internal Network Internet Firewall
@adam_englander Identify Dependencies
@adam_englander Out-of-Band Dependencies CI/CD Server Library RepositoryCode Repository Configuration Management Build Tools 3rd Party Code 3rd Party Libraries
@adam_englander Internet Internal DMZ Critical Dependencies Firewall Load Balancer MySQL MySQL App Server Firewall DNS SMTPCDN Alerting Stats Bastion Logs Consumer Payment CA
@adam_englander Internet Internal DMZ Secondary Dependencies Firewall Load Balancer MySQL MySQL App Server Firewall DNS SMTPCDN Alerting Stats Bastion Logs Consumer Payment CA
@adam_englander Identify Anything Else Significant
@adam_englander Identify Threats
@adam_englander What about fully mitigated threats?
@adam_englander Identify Actors Lone Gunman Competitor Organized Crime Nation State Hactivist Internal Attacker
@adam_englander Identifying Threats with STRIDE • Spoofing - The attacker presents themselves as another user • Tampering - Altering code, data, processes • Repudiation - Providing ability to deny you performed an action • Information disclosure - Attacker discloses secret information • Denial of Service - You system is partially of fully unavailable • Elevation of Privilege - Accessing items for higher level user
@adam_englander Mapping Attacks with Attack Trees Access Database From Web Server Internal Network Remote Execution SQL Injection Stolen Credentials Authorized User
@adam_englander Quantifying Risk with DREAD • Damage – how bad would an attack be? • Reproducibility – how easy is it to reproduce the attack? • Exploitability – how much work is it to launch the attack? • Affected users – how many people will be impacted? • Discoverability – how easy is it to discover the threat?
@adam_englander Resolve the Threat
@adam_englander Mitigate Large Threats in Stages Terrible Bad Okay Complete
@adam_englander There Is No Absolute Terrible Bad Okay Complete
@adam_englander Quick Reduction of Threat Terrible Bad Okay Complete
@adam_englander Acceptable Reduction Terrible Bad Okay Complete
@adam_englander Complete Mitigation Terrible Bad Okay Complete
@adam_englander Example: Insider Attack
@adam_englander Actor Lone Gunman Competitor Organized Crime Nation State Hactivist Internal Attacker
@adam_englander Asset Commerce Site DB Credentials SMTP Credentials Payment GW Creds Encryption Keys SSL Certs SSL Private Keys Access to SMTP Database Cust Emails Cust Billing Data Cust PII Payment Data Order History User Credentials User Emails Shopping Carts Sessions Inventory/Pricing Transaction Logs SMTP DKIM Creds Mail Logs Payment Gateway Purchase History Charge/Refund Authority Log Server Raw Logs Host Names Stack Traces Client IPs User Behavior Internal Network DB Admin Creds Hosting Creds DNS Admin Creds Payment GW Admin Creds Encryption Keys SSL Certs SSL Private Keys
@adam_englander Entry Point Firewall App Server Database HTTPS UnrestrictedMySQL/TLS Internal Network Internet Firewall
@adam_englander Attack Tree Access Database From Web Server Internal Network Remote Execution SQL Injection Stolen Credentials Authorized User
@adam_englander Attack Tree Stolen Credentials From App Server Code Repository From CI Server
@adam_englander Inside attackers can access all customer PII and PC data from databases using credentials from code repositories on any computer on the internal network and not be discovered via logging
@adam_englander DREAD • Damage: Liability for stolen credit card transactions, loss of credibility, loss of revenue • Reproducibility: The skills necessary would be knowing how to copy down the git repo and execute queries via mysql • Exploitability: There are no considerations beyond install git and mysql-client to perform the attack
@adam_englander DREAD • Affected Users: All user PII and billing data would be accessible • Discoverability: Any user with minimal knowledge of the framework would know how to find configs containing DB credentials and connection information.
@adam_englander Quick Reduction • Database access and query logging for non- repudiation • Restrict read access to the git repo
@adam_englander Mitigation Phase 1 • Have credentials setup on servers by admins • Remove database credentials from git repo • Change credentials to prevent leaked credentials from being utilized going forward
@adam_englander Phase 2 • Restrict access for users to appropriate data • Restrict access to appropriate IP addresses
@adam_englander Phase 3 • Encrypt PII and PC data in the database • Develop and implement key rotation strategy for application secrets
@adam_englander Completely Mitigate • Anonymize link between PC data and PII • Create honey pots for credentials still in git repos that will allow users to see what appears to be real data. These logins will be recorded and alerts will be sent to security personnel to apprehend the culprit
@adam_englander How do I get started?
@adam_englander Right Now: Knock out the OWASP Top 10!
@adam_englander OWASP Top 10 https://www.owasp.org/index.php/Category:OWASP_Top_Ten_2017_Project
@adam_englander Near Term: Incorporate threat modeling into your Software Development Lifecycle
@adam_englander Threat Modeling in SDLC Design Threat Model Build Threat Model Release Test
@adam_englander Long Term: Map out and model you applications.
@adam_englander Long Term: Improve your skills!
@adam_englander Elevation of Privilege Card Game https://www.microsoft.com/en-us/SDL/ adopt/eop.aspx https://www.microsoft.com/en-us/SDL/adopt/eop.aspx
@adam_englander Threat Modeling: Designing for Security By Adam Shostack ISBN-13: 978-1118809990
@adam_englander Red/Blue Team Field Manual
@adam_englander Security BSides http://www.securitybsides.com BSidesPDX October 2018 https://bsidespdx.org/ BSidesSeattle Feb 2019 http://www.bsidesseattle.com/ BSides Vancouver March 2019 https://www.bsidesvancouver.com/ BSidesSF April 2019 https://bsidessf.org/ BSides Boise November 2018 https://www.bsidesboise.org/ BSides Calgary 2019 https://www.bsidescalgary.org/
@adam_englander Please Rate This Talk https://joind.in/talk/d74c2

Recommandé

Threat Modeling In 2021
Threat Modeling In 2021Threat Modeling In 2021
Threat Modeling In 2021Adam Shostack
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecuritysommerville-videos
 
Red teaming probably isn't for you
Red teaming probably isn't for youRed teaming probably isn't for you
Red teaming probably isn't for youToby Kohlenberg
 
Red team Engagement
Red team EngagementRed team Engagement
Red team EngagementIndranil Banerjee
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity TrainingWindstoneHealth
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat ModelingDanny Wong
 
Threat Modelling
Threat ModellingThreat Modelling
Threat Modellingn|u - The Open Security Community
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceMarlabs
 

Recommandé

Threat Modeling In 2021
Threat Modeling In 2021Threat Modeling In 2021
Threat Modeling In 2021Adam Shostack
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecuritysommerville-videos
 
Red teaming probably isn't for you
Red teaming probably isn't for youRed teaming probably isn't for you
Red teaming probably isn't for youToby Kohlenberg
 
Red team Engagement
Red team EngagementRed team Engagement
Red team EngagementIndranil Banerjee
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity TrainingWindstoneHealth
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat ModelingDanny Wong
 
Threat Modelling
Threat ModellingThreat Modelling
Threat Modellingn|u - The Open Security Community
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceMarlabs
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingDhruv Majumdar
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligenceseadeloitte
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsYulian Slobodyan
 
What is Ransomware?
What is Ransomware?What is Ransomware?
What is Ransomware?Datto
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Cybersecurity framework v1-1_presentation
Cybersecurity framework v1-1_presentationCybersecurity framework v1-1_presentation
Cybersecurity framework v1-1_presentationMonchai Phaichitchan
 
Threat modelling with_sample_application
Threat modelling with_sample_applicationThreat modelling with_sample_application
Threat modelling with_sample_applicationUmut IŞIK
 
Security testing
Security testingSecurity testing
Security testingKhizra Sammad
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Journey to cyber resilience
Journey to cyber resilienceJourney to cyber resilience
Journey to cyber resilienceAndrew Bycroft
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
Cyber security
Cyber securityCyber security
Cyber securitySamsil Arefin
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsLearningwithRayYT
 
Threat Modeling for Dummies
Threat Modeling for DummiesThreat Modeling for Dummies
Threat Modeling for DummiesAdam Englander
 
IoT Lock Down - Battling the Bot Net Builders
IoT Lock Down - Battling the Bot Net BuildersIoT Lock Down - Battling the Bot Net Builders
IoT Lock Down - Battling the Bot Net BuildersAdam Englander
 

Contenu connexe

Tendances

Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingDhruv Majumdar
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligenceseadeloitte
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsYulian Slobodyan
 
What is Ransomware?
What is Ransomware?What is Ransomware?
What is Ransomware?Datto
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Cybersecurity framework v1-1_presentation
Cybersecurity framework v1-1_presentationCybersecurity framework v1-1_presentation
Cybersecurity framework v1-1_presentationMonchai Phaichitchan
 
Threat modelling with_sample_application
Threat modelling with_sample_applicationThreat modelling with_sample_application
Threat modelling with_sample_applicationUmut IŞIK
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Journey to cyber resilience
Journey to cyber resilienceJourney to cyber resilience
Journey to cyber resilienceAndrew Bycroft
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsLearningwithRayYT
 

Tendances (20)

Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for Beginners
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and Tools
 
What is Ransomware?
What is Ransomware?What is Ransomware?
What is Ransomware?
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
Cybersecurity framework v1-1_presentation
Cybersecurity framework v1-1_presentationCybersecurity framework v1-1_presentation
Cybersecurity framework v1-1_presentation
 
Threat modelling with_sample_application
Threat modelling with_sample_applicationThreat modelling with_sample_application
Threat modelling with_sample_application
 
Security testing
Security testingSecurity testing
Security testing
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Journey to cyber resilience
Journey to cyber resilienceJourney to cyber resilience
Journey to cyber resilience
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
 
Cyber security
Cyber securityCyber security
Cyber security
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack Vectors
 

Similaire à Threat Modeling for Dummies - Cascadia PHP 2018

Threat Modeling for Dummies
Threat Modeling for DummiesThreat Modeling for Dummies
Threat Modeling for DummiesAdam Englander
 
IoT Lock Down - Battling the Bot Net Builders
IoT Lock Down - Battling the Bot Net BuildersIoT Lock Down - Battling the Bot Net Builders
IoT Lock Down - Battling the Bot Net BuildersAdam Englander
 
The Hacking Games - Security vs Productivity and Operational Efficiency 20230119
The Hacking Games - Security vs Productivity and Operational Efficiency 20230119The Hacking Games - Security vs Productivity and Operational Efficiency 20230119
The Hacking Games - Security vs Productivity and Operational Efficiency 20230119lior mazor
 
Eyes on the ground: why you need security agents
Eyes on the ground: why you need security agentsEyes on the ground: why you need security agents
Eyes on the ground: why you need security agentsNathan Cooprider
 
How to Destroy a Database
How to Destroy a DatabaseHow to Destroy a Database
How to Destroy a DatabaseJohn Ashmead
 
Cash is King: Who's Wearing Your Crown?
Cash is King: Who's Wearing Your Crown?Cash is King: Who's Wearing Your Crown?
Cash is King: Who's Wearing Your Crown?Tom Eston
 
Oracle database threats - LAOUC Webinar
Oracle database threats - LAOUC WebinarOracle database threats - LAOUC Webinar
Oracle database threats - LAOUC WebinarOsama Mustafa
 
DDoS Mitigator. Personal control panel for each hosting clients.
DDoS Mitigator. Personal control panel for each hosting clients.DDoS Mitigator. Personal control panel for each hosting clients.
DDoS Mitigator. Personal control panel for each hosting clients.Глеб Хохлов
 
Community IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for NonprofitsCommunity IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for NonprofitsCommunity IT Innovators
 
7 Ways To Cyberattack And Hack Azure
7 Ways To Cyberattack And Hack Azure7 Ways To Cyberattack And Hack Azure
7 Ways To Cyberattack And Hack AzureAbdul Khan
 
For Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecFor Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecLalit Kale
 
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Chris Gates
 
Fluturas presentation @ Big Data Conclave
Fluturas presentation @ Big Data ConclaveFluturas presentation @ Big Data Conclave
Fluturas presentation @ Big Data Conclavefluturads
 
ICRTITCS-2012 Conference Publication
ICRTITCS-2012 Conference PublicationICRTITCS-2012 Conference Publication
ICRTITCS-2012 Conference PublicationTejaswi Agarwal
 
Forensic And Cloud Computing
Forensic And Cloud ComputingForensic And Cloud Computing
Forensic And Cloud ComputingMitesh Katira
 
Threat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security RiskThreat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security RiskSecurity Innovation
 
Threat_Modelling.pdf
Threat_Modelling.pdfThreat_Modelling.pdf
Threat_Modelling.pdfMarlboroAbyad
 
3DPassword_AakashTakale
3DPassword_AakashTakale3DPassword_AakashTakale
3DPassword_AakashTakaleAakash Takale
 

Similaire à Threat Modeling for Dummies - Cascadia PHP 2018 (20)

Threat Modeling for Dummies
Threat Modeling for DummiesThreat Modeling for Dummies
Threat Modeling for Dummies
 
IoT Lock Down - Battling the Bot Net Builders
IoT Lock Down - Battling the Bot Net BuildersIoT Lock Down - Battling the Bot Net Builders
IoT Lock Down - Battling the Bot Net Builders
 
Null bachav
Null bachavNull bachav
Null bachav
 
The Hacking Games - Security vs Productivity and Operational Efficiency 20230119
The Hacking Games - Security vs Productivity and Operational Efficiency 20230119The Hacking Games - Security vs Productivity and Operational Efficiency 20230119
The Hacking Games - Security vs Productivity and Operational Efficiency 20230119
 
Eyes on the ground: why you need security agents
Eyes on the ground: why you need security agentsEyes on the ground: why you need security agents
Eyes on the ground: why you need security agents
 
How to Destroy a Database
How to Destroy a DatabaseHow to Destroy a Database
How to Destroy a Database
 
Cash is King: Who's Wearing Your Crown?
Cash is King: Who's Wearing Your Crown?Cash is King: Who's Wearing Your Crown?
Cash is King: Who's Wearing Your Crown?
 
Oracle database threats - LAOUC Webinar
Oracle database threats - LAOUC WebinarOracle database threats - LAOUC Webinar
Oracle database threats - LAOUC Webinar
 
DDoS Mitigator. Personal control panel for each hosting clients.
DDoS Mitigator. Personal control panel for each hosting clients.DDoS Mitigator. Personal control panel for each hosting clients.
DDoS Mitigator. Personal control panel for each hosting clients.
 
Community IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for NonprofitsCommunity IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for Nonprofits
 
7 Ways To Cyberattack And Hack Azure
7 Ways To Cyberattack And Hack Azure7 Ways To Cyberattack And Hack Azure
7 Ways To Cyberattack And Hack Azure
 
For Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecFor Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSec
 
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
 
AWS Cloud Security
AWS Cloud SecurityAWS Cloud Security
AWS Cloud Security
 
Fluturas presentation @ Big Data Conclave
Fluturas presentation @ Big Data ConclaveFluturas presentation @ Big Data Conclave
Fluturas presentation @ Big Data Conclave
 
ICRTITCS-2012 Conference Publication
ICRTITCS-2012 Conference PublicationICRTITCS-2012 Conference Publication
ICRTITCS-2012 Conference Publication
 
Forensic And Cloud Computing
Forensic And Cloud ComputingForensic And Cloud Computing
Forensic And Cloud Computing
 
Threat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security RiskThreat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security Risk
 
Threat_Modelling.pdf
Threat_Modelling.pdfThreat_Modelling.pdf
Threat_Modelling.pdf
 
3DPassword_AakashTakale
3DPassword_AakashTakale3DPassword_AakashTakale
3DPassword_AakashTakale
 

Plus de Adam Englander

Making PHP Smarter - Dutch PHP 2023.pptx
Making PHP Smarter - Dutch PHP 2023.pptxMaking PHP Smarter - Dutch PHP 2023.pptx
Making PHP Smarter - Dutch PHP 2023.pptxAdam Englander
 
Practical API Security - PyCon 2019
Practical API Security - PyCon 2019Practical API Security - PyCon 2019
Practical API Security - PyCon 2019Adam Englander
 
ZendCon 2018 - Practical API Security
ZendCon 2018 - Practical API SecurityZendCon 2018 - Practical API Security
ZendCon 2018 - Practical API SecurityAdam Englander
 
ZendCon 2018 - Cryptography in Depth
ZendCon 2018 - Cryptography in DepthZendCon 2018 - Cryptography in Depth
ZendCon 2018 - Cryptography in DepthAdam Englander
 
Dutch PHP 2018 - Cryptography for Beginners
Dutch PHP 2018 - Cryptography for BeginnersDutch PHP 2018 - Cryptography for Beginners
Dutch PHP 2018 - Cryptography for BeginnersAdam Englander
 
php[tek] 2108 - Cryptography Advances in PHP 7.2
php[tek] 2108 - Cryptography Advances in PHP 7.2php[tek] 2108 - Cryptography Advances in PHP 7.2
php[tek] 2108 - Cryptography Advances in PHP 7.2Adam Englander
 
php[tek] 2018 - Biometrics, fantastic failure point of the future
php[tek] 2018 - Biometrics, fantastic failure point of the futurephp[tek] 2018 - Biometrics, fantastic failure point of the future
php[tek] 2018 - Biometrics, fantastic failure point of the futureAdam Englander
 
Biometrics: Sexy, Secure and... Stupid - RSAC 2018
Biometrics: Sexy, Secure and... Stupid - RSAC 2018Biometrics: Sexy, Secure and... Stupid - RSAC 2018
Biometrics: Sexy, Secure and... Stupid - RSAC 2018Adam Englander
 
Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Adam Englander
 
Practical API Security - Midwest PHP 2018
Practical API Security - Midwest PHP 2018Practical API Security - Midwest PHP 2018
Practical API Security - Midwest PHP 2018Adam Englander
 
Cryptography for Beginners - Midwest PHP 2018
Cryptography for Beginners - Midwest PHP 2018Cryptography for Beginners - Midwest PHP 2018
Cryptography for Beginners - Midwest PHP 2018Adam Englander
 
Cryptography for Beginners - Sunshine PHP 2018
Cryptography for Beginners - Sunshine PHP 2018Cryptography for Beginners - Sunshine PHP 2018
Cryptography for Beginners - Sunshine PHP 2018Adam Englander
 
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the FutureConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the FutureAdam Englander
 
Con Foo 2017 - Don't Loose Sleep - Secure Your REST
Con Foo 2017 - Don't Loose Sleep - Secure Your RESTCon Foo 2017 - Don't Loose Sleep - Secure Your REST
Con Foo 2017 - Don't Loose Sleep - Secure Your RESTAdam Englander
 
ZendCon 2017 - Cryptography for Beginners
ZendCon 2017 - Cryptography for BeginnersZendCon 2017 - Cryptography for Beginners
ZendCon 2017 - Cryptography for BeginnersAdam Englander
 
ZendCon 2017: The Red Team is Coming
ZendCon 2017: The Red Team is ComingZendCon 2017: The Red Team is Coming
ZendCon 2017: The Red Team is ComingAdam Englander
 
ZendCon 2017 - Build a Bot Workshop - Async Primer
ZendCon 2017 - Build a Bot Workshop - Async PrimerZendCon 2017 - Build a Bot Workshop - Async Primer
ZendCon 2017 - Build a Bot Workshop - Async PrimerAdam Englander
 
Symfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
Symfony Live San Franciso 2017 - BDD API Development with Symfony and BehatSymfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
Symfony Live San Franciso 2017 - BDD API Development with Symfony and BehatAdam Englander
 
Coder Cruise 2017 - The Red Team Is Coming
Coder Cruise 2017 - The Red Team Is ComingCoder Cruise 2017 - The Red Team Is Coming
Coder Cruise 2017 - The Red Team Is ComingAdam Englander
 
Don't Loose Sleep - Secure Your Rest - php[tek] 2017
Don't Loose Sleep - Secure Your Rest - php[tek] 2017Don't Loose Sleep - Secure Your Rest - php[tek] 2017
Don't Loose Sleep - Secure Your Rest - php[tek] 2017Adam Englander
 

Plus de Adam Englander (20)

Making PHP Smarter - Dutch PHP 2023.pptx
Making PHP Smarter - Dutch PHP 2023.pptxMaking PHP Smarter - Dutch PHP 2023.pptx
Making PHP Smarter - Dutch PHP 2023.pptx
 
Practical API Security - PyCon 2019
Practical API Security - PyCon 2019Practical API Security - PyCon 2019
Practical API Security - PyCon 2019
 
ZendCon 2018 - Practical API Security
ZendCon 2018 - Practical API SecurityZendCon 2018 - Practical API Security
ZendCon 2018 - Practical API Security
 
ZendCon 2018 - Cryptography in Depth
ZendCon 2018 - Cryptography in DepthZendCon 2018 - Cryptography in Depth
ZendCon 2018 - Cryptography in Depth
 
Dutch PHP 2018 - Cryptography for Beginners
Dutch PHP 2018 - Cryptography for BeginnersDutch PHP 2018 - Cryptography for Beginners
Dutch PHP 2018 - Cryptography for Beginners
 
php[tek] 2108 - Cryptography Advances in PHP 7.2
php[tek] 2108 - Cryptography Advances in PHP 7.2php[tek] 2108 - Cryptography Advances in PHP 7.2
php[tek] 2108 - Cryptography Advances in PHP 7.2
 
php[tek] 2018 - Biometrics, fantastic failure point of the future
php[tek] 2018 - Biometrics, fantastic failure point of the futurephp[tek] 2018 - Biometrics, fantastic failure point of the future
php[tek] 2018 - Biometrics, fantastic failure point of the future
 
Biometrics: Sexy, Secure and... Stupid - RSAC 2018
Biometrics: Sexy, Secure and... Stupid - RSAC 2018Biometrics: Sexy, Secure and... Stupid - RSAC 2018
Biometrics: Sexy, Secure and... Stupid - RSAC 2018
 
Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Practical API Security - PyCon 2018
Practical API Security - PyCon 2018
 
Practical API Security - Midwest PHP 2018
Practical API Security - Midwest PHP 2018Practical API Security - Midwest PHP 2018
Practical API Security - Midwest PHP 2018
 
Cryptography for Beginners - Midwest PHP 2018
Cryptography for Beginners - Midwest PHP 2018Cryptography for Beginners - Midwest PHP 2018
Cryptography for Beginners - Midwest PHP 2018
 
Cryptography for Beginners - Sunshine PHP 2018
Cryptography for Beginners - Sunshine PHP 2018Cryptography for Beginners - Sunshine PHP 2018
Cryptography for Beginners - Sunshine PHP 2018
 
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the FutureConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
 
Con Foo 2017 - Don't Loose Sleep - Secure Your REST
Con Foo 2017 - Don't Loose Sleep - Secure Your RESTCon Foo 2017 - Don't Loose Sleep - Secure Your REST
Con Foo 2017 - Don't Loose Sleep - Secure Your REST
 
ZendCon 2017 - Cryptography for Beginners
ZendCon 2017 - Cryptography for BeginnersZendCon 2017 - Cryptography for Beginners
ZendCon 2017 - Cryptography for Beginners
 
ZendCon 2017: The Red Team is Coming
ZendCon 2017: The Red Team is ComingZendCon 2017: The Red Team is Coming
ZendCon 2017: The Red Team is Coming
 
ZendCon 2017 - Build a Bot Workshop - Async Primer
ZendCon 2017 - Build a Bot Workshop - Async PrimerZendCon 2017 - Build a Bot Workshop - Async Primer
ZendCon 2017 - Build a Bot Workshop - Async Primer
 
Symfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
Symfony Live San Franciso 2017 - BDD API Development with Symfony and BehatSymfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
Symfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
 
Coder Cruise 2017 - The Red Team Is Coming
Coder Cruise 2017 - The Red Team Is ComingCoder Cruise 2017 - The Red Team Is Coming
Coder Cruise 2017 - The Red Team Is Coming
 
Don't Loose Sleep - Secure Your Rest - php[tek] 2017
Don't Loose Sleep - Secure Your Rest - php[tek] 2017Don't Loose Sleep - Secure Your Rest - php[tek] 2017
Don't Loose Sleep - Secure Your Rest - php[tek] 2017
 

Dernier

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 

Dernier (20)

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 

Threat Modeling for Dummies - Cascadia PHP 2018