Difference between revisions of "OWASP AppSec India Conference 2008 Advanced Threat Modeling"

Latest revision as of 09:27, 13 August 2008

Advanced Threat Modeling

To secure your home, you will first need to know how the thief could possibly enter and exit and where you should store your valuables. The same is true of your web applications. Unless you know what the vulnerabilities and threats of your web applications are, and what security measures you should take to protect them, ev1L h@x0rS or the enemy within (insider) could take advantage of the vulnerabilities.

Threat Modeling is a technique that you can use to identify ATVS (attacks, threats, vulnerabilities and safeguards) that could affect your web applications. Threat Modeling helps in designing your application securely from a confidentiality, integrity, availability, authentication, authorization and auditing perspective. It is an essential activity to be undertaken during the design stage of your SDLC and helps mitigate and minimize overall risk.

Come for a fun, hands-on, interactive session that will cover the basic and advanced elements of threat modeling, filled with exercises for attendees to participate in.

Session Coverage
The session will cover the following topics:
Introduction to Threat Modeling
Threat Modeling Process
Tools, Techniques and Templates
Demos and Hands-On Exercises
and more ...

Who should Attend?
This session is for Management, Technical (Developer, QA, Security ...) and Operational professionals, and any stakeholder who needs to understand how threat modeling can benefit their organization or company in designing secure web applications. Whether you are a novice or an expert in threat modeling, you will leave having learned something new to help design the next generation of hack-resilient web applications.

Come and Win exciting Prizes (possibly an iPod)
First Prize - A FREE voucher to the official (ISC)² CISSP® self-assessments (approx. $300 value) (or)
Second Prize - A FREE voucher to the official (ISC)² SSCP® self-assessments (approx. $110 value)
Third Prize - An iPod Shuffle

(ISC)² self-assessments are made possible courtesy of Express Certifications (https://www.expresscertifications.com/isc2)
iPod is a registered trademark of Apple Inc.

About the Instructor

Mano Paul (CISSP, MCSD, MCAD, CompTIA Network+, ECSA) is the Founder and CEO at SecuRisk Solutions. Based out of Austin, Texas in the USA, SecuRisk Solutions specializes in three areas of information security solutions - Product Development, Consulting and Awareness, Training & Education.

Before SecuRisk Solutions, Mano held several roles at Dell Inc., including software developer, quality assurance tester, logistics manager, technical architect, IT strategist and Security Engineer/Program Manager/Strategist. His security experience includes designing and developing software security programs from Compliance-to-Coding, application security risk management, security strategy & management, and conducting security awareness training and education.

Mano is (ISC)²'s Software Assurance Advisor and an appointed Industry representative of the Information Systems Security Association (ISSA) Capitol of Texas chapter. He also serves as a faculty member for the ISSA security course at the local university.

Mano has been featured at various domestic and international security conferences, has contributed to and published various security articles, and is an invited speaker at the OWASP Application Security Conferences, CSI, Burton Group Catalyst, TRISC and the SC World Congress Conferences. He is a contributing author for the Information Security Management Handbook, writes periodically for the Certification Magazine and has contributed to several security topics for the Microsoft Solutions Developer Network.

Mano holds the following professional certifications - CISSP, ECSA, LPT, Microsoft Certified Solutions Developer (MCSD), Microsoft Certified Application Developer (MCAD) and the CompTIA Network+ certification.