GOTO Berlin is a vendor-independent international software development conference with more than 60 top speakers and 600 attendees. The conference covers topics such as Java, Open Source, Agile, Architecture, Design, Web, Cloud, New Languages and Processes.

Folker Bernitt, Software Craftsman, ThoughtWorker

Biography: Folker Bernitt

I'm a developer with more than ten years of professional experience. I care about software design and testing. My current focus is on security and privacy of Internet communication.

Twitter: @_CodEx_

Presentation: Dipping Your Toes Into Threat Modeling

Track: Privacy & Security / Time: Thursday 10:20 - 11:10 / Location: Hall 10

Security, though part of software development since its early days, has recently become increasingly important. Still, thinking about security is often something that only happens at the beginning and at the end of a project. During the early phase of a project, a lot of concerns and possible mitigations are brought up at the drawing board in a euphoric atmosphere. Then a (longer) period of development, i.e. implementation, often follows. When the release is looming, someone brings up penetration testing, which then produces a bunch of issues that have to be fixed before the initial go-live.

Is there a better approach to your project’s security than the notorious “security sandwich”?
Is there a more structured way to identify threats and make threat modeling part of every story and a continuous project companion?
Are there tools that might provide you with a little bit of support?
How can you best decide whether a threat is a real risk for your company?

This talk tries to give a brief overview of threat modeling and provide a good starting point for your project.