OWASP Global AppSec US 2021 has ended
Back To Schedule
Friday, November 12 • 4:00pm - 5:00pm
Application Threat Modeling Implementation Tips and Tricks

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Threat modeling is a structured approach that enables you to identify, quantify, and address the security risks associated with an application. It could be utilized during the SDLC process in several ways; these range from verifying application architecture, identifying and evaluating threats, designing countermeasures, to penetration testing based on a threat model.

The primary purpose of this talk is to provide essential knowledge and valuable tips and tricks that application security researchers need to know when designing and implementing application threat modeling.
The talk will discuss the best practices to draw the data flow diagram (DFD) for some advanced cases that include micro-services architecture based applications, designing the DFD processes for the applications developed with client-side frameworks, in addition to some tips in analyzing the application’s DFD to list all possible logical threats.

avatar for Mohamed Alfateh

Mohamed Alfateh

Cyber Security, ZINAD IT
Mohamed Alfateh is the OWASP Cairo chapter leader. He has a vast and deep experience in secure SDLC, code review & application threat modeling, in addition to DevSecOps and security compliance. Mohamed has several OWASP contributions; he is a board member of the OWASP Chapter Committee... Read More →

Friday November 12, 2021 4:00pm - 5:00pm PST