OWASP Global AppSec US 2021 has ended
Back To Schedule
Friday, November 12 • 4:00pm - 5:00pm
Security Design Anti-Patterns – Creating Awareness to Limit Security Debt

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
This speech discusses observed Security Anti-Patterns as outcomes of Threat Modeling activities which require extensive rework if not accounted for in the design phase of the SDLC.
It also gives guidance on how to identify these Security Design Anti-Patterns in order to create awareness for Developers and Threat Modeling practitioners.

Mitigating Threats by implementing missing controls is part of fixing (acquired) Security Debt.
Threat Modeling activities aim at identifying missing controls very early on in the design phase of the SDLC.
However, not all Security Design flaws are created equal in terms of how easily they can be fixed. Apart from the impact that unmitigated threats have to a system’s security posture there is also the cost that development teams will have to bear associated with implementing missing controls.
Some design flaws or security threat mitigations can be fixed easier than others. Anti-Patterns described in the speech could result in a complete re-design of applications to fix security debt.
Worst case, the whole new system will not be allowed to be launched by compliance or the new system cannot be extended easily in a secure way.

avatar for Joern Freydank

Joern Freydank

Lead Cyber Security Engineer with more than 20 years of experience. Currently establishing the Threat Modeling Program at major insurance company.Performed Application Security review and designed new Ci/CD Controls for AWS cloud based Java and NodeJS applications. Designed and developed... Read More →

Friday November 12, 2021 4:00pm - 5:00pm PST