OWASP Global AppSec US 2021

Threat modeling is a structured approach that enables you to identify, quantify, and address the security risks associated with an application. It could be utilized during the SDLC process in several ways; these range from verifying application architecture, identifying and evaluating threats, designing countermeasures, to penetration testing based on a threat model.

The primary purpose of this talk is to provide essential knowledge and valuable tips and tricks that application security researchers need to know when designing and implementing application threat modeling.
The talk will discuss the best practices to draw the data flow diagram (DFD) for some advanced cases that include micro-services architecture based applications, designing the DFD processes for the applications developed with client-side frameworks, in addition to some tips in analyzing the application’s DFD to list all possible logical threats.