Erlend Oftedal
Developer and security guy. One of his main technical interests is how we as developers can teach ourselves to write better and more secure code. He has built open source security tools, and spoken at several developer and security conferences.
Modern WebApp Vulnerabilities
Key takeaways
- You will learn about newer types of vulnerabilities
- You will increase your security awareness
With the emerging popularity of bug bounty programs, lesser-known and even brand new vulnerability classes are gaining popularity. This talk will give a walk-through of some of these vulnerabilities, how they occur in modern web applications and how they can be found and fixed.
Introduction to Threat Modeling
Key takeaways
- You will learn how to identify weaknesses in your design
- You will learn how to model the system in a way that helps identify issues
Security companies estimate that 50% of security issues are the result of problems in the system design. Such weaknesses cannot be found by automated tools. Threat modeling is the process of analysing your system and trying to identify weaknesses in design and missing security controls. This talk will introduce you to threat modeling and explain some of the techniques you can use to identify those threaty threats in your systems.
Getting started with Threat Modeling
Key takeaways
- You will learn how to identify weaknesses in your design
- You will learn how to model the system in a way that helps identify issues
Security companies estimate that 50% of security issues are the result of problems in the system design. Such weaknesses cannot be found by automated tools. Threat modeling is the process of analysing your system and trying to identify weaknesses in design and missing security controls. This talk will introduce you to threat modeling and explain some of the techniques you can use to identify those threats in your systems.
This workshop will help you get started with threat modeling. We will work in groups and create a threat model for a fictitious system. We will create a diagram, find threats, and discuss how to mitigate the threats. No previous threat modeling knowledge is required to participate.
Outline:
- Introduction to threat modeling
- Practical modeling exercise
- Review and discussion
- Threat discovery theory
- Threat discovery exercise
- Review and discussion
- Threat mitigation exercise
- Review and discussion
- Good practices and wrap up