OWASP Global AppSec US 2021
Thursday, November 11 • 1:00pm - 2:00pm
Security Design Anti-Patterns – Creating Awareness to Limit Security Debt

This speech discusses Security Anti-Patterns observed as outcomes of Threat Modeling activities, which require extensive rework if they are not accounted for in the design phase of the SDLC.
It also gives guidance on how to identify these Security Design Anti-Patterns in order to create awareness for Developers and Threat Modeling practitioners.

Mitigating Threats by implementing missing controls is part of fixing (acquired) Security Debt.
Threat Modeling activities aim at identifying missing controls very early on in the design phase of the SDLC.
However, not all Security Design flaws are created equal in terms of how easily they can be fixed. Apart from the impact that unmitigated threats have on a system’s security posture, there is also the cost that development teams will have to bear for implementing missing controls.
Some design flaws or security threat mitigations can be fixed more easily than others. Anti-Patterns described in the speech could result in a complete re-design of applications to fix security debt.
In the worst case, compliance will not allow the whole new system to be launched, or the new system cannot be extended easily in a secure way.

Speakers
Joern Freydank

Lead Cyber Security Engineer with more than 20 years of experience. Currently establishing the Threat Modeling Program at a major insurance company. Performed Application Security review and designed new CI/CD Controls for AWS cloud-based Java and NodeJS applications. Designed and developed...


Thursday November 11, 2021 1:00pm - 2:00pm PST
On-Line