PPT-Microsoft SDL Threat Modeling

Michael Howard mikehowmicrosoftcom mikehowmicrosoftcom Microsoft employee for 17 years Always in security Worked on the SDL since inception Who Is This Guy Introduction Goals of Threat Modeling. The easy way to threat model . Adam Shostack. Microsoft. Photo: “Chef . David . Adjey. ” . by . NAIT TCI Photo Dept. http://www.flickr.com/photos/nait/4438905748/ . . Telling most people to “Think like an attacker” is a lot like telling them to think like a professional chef. They lack context, training and understanding of what that means, even if they know how to cook.. Adam Shostack. Microsoft. Outline. Engineering in Large Projects. Threat Modeling. Usability Tools. A Software Engineer’s Day. Solve customer problems. Write code. Build cool stuff. Change the world. in the garden of Eden. Mano . ‘dash4rk’ Paul. HackFormers . ABC’s about me. Author. Official (ISC). 2. Guide to the CSSLP. Advisor. (ISC). 2. Software Assurance Advisor. Biologist (Shark). Christian. :. Drawing Developers . into Threat Modeling. Adam Shostack. Microsoft. @. adamshostack. Background. 15 years of structured security approaches at Microsoft. Threat modeling (“Threats to our Products”, 1999). Senior Security Technologist. Enterprise Threat Modeling with . TAMe. SEC307. Related Sessions, HOLs, Certifications etc. SEC08 HOL - Microsoft Threat Analysis and Modeling: Managing Risk in Your Applications. Tõnis Tikerpäe. Primend Service Manager. Microsoft P-Seller. Sobering statistics . The frequency and sophistication of cybersecurity attacks are getting worse.. $3.5M. The average cost of a data breach to a company . Mike Grimm. November 8, 2012. Goals for a Security Development Process (“SDL”). Secure by Design. Reduce the number of vulnerabilities. Which reduces the number of security updates. But you can never remove all vulnerabilities. Marin Frankovic. Datacenter. TSP. mafranko@microsoft.com. $3.5M. The average cost of a data breach to a company . The frequency and sophistication of cybersecurity attacks are getting worse.. Sobering statistics . Ken De Souza. KWSQA, April 2016. V. 1.0. Source: http://. www.troyhunt.com. /2016/02/controlling-vehicle-features-of-. nissan.html. GET https://[redacted].com/orchestration_1111/. gdc. /. BatteryStatusRecordsRequest.php?RegionCode. Speaker Name. Title. AUGUST 2016. The frequency and sophistication of cybersecurity attacks are getting worse.. The median # of days that attackers reside within a victim’s network before detection . 20 August 2009. Jon C. Arce . – . jonarce@microsoft.com. Agenda. What is the SDLC?. In the beginning . Waterfall to Agile Methodologies. Scrum. Roles (Security). Security Development Lifecycle. Microsoft SDL . Engineers are People Too Adam Shostack Microsoft Outline Engineering in Large Projects Threat Modeling Usability Tools A Software Engineer’s Day Solve customer problems Write code Build cool stuff Change the world Protect your users—and business—from advanced phishing, spear phishing, and malware attacks with Vade Secure for Microsoft 365. Sitting inside Microsoft 365 thanks to its native API integra Development and Testing of Navy Torpedoes in A Full Fidelity Simulated Undersea Environment . ITEA July 2021. Carlos Godoy. carlos.godoy@navy.mil . Kenny Sanchez . kenneth.s.sanchez@navy.mil. Acknowledgement.