We are doing it wrong: Threat Modeling
06-14, 15:30–16:05 (Europe/Prague), E104 (capacity 72)

Threat modeling is one of the most critical activities if you release any software to the web. There are numerous tools, books (one of each is mine), and tutorials on doing it properly. My talk has a different intent: it walks you through bad practices, how the modeling goes wrong, and how bad actors can exploit that.

Here is an example:
Only one person in the company does threat modeling. On the surface, the "hero" approach might look like a good use of someone's time, but in the end, the diversity of the threat modeling attendees matters. I'll give you some statistics from an exercise where the group put their heads together to protect a beer tap and a dog.

I'll also focus on actual use cases like these:
We do it once a year as a "team building exercise."
We need to know a threat model before we use all the automated/helping tools.
We know everything, and our model is the best.

I've survived two breaches, and we could have prevented them using proper threat modeling.

The talk is interactive, full of fun stories and a bit of metal music. It aims to engage anyone in the secure software development chain and encourage you to adapt your processes to secure your software by recognizing and refusing those evil practices.

Human. Artist. Hacker. I care about free and open-source software (F/LOSS), cybersecurity, ethical design, privacy, and technology. 20+ years of experience in technology. 40+ in being human. I encourage people to become better humans with heavy metal and technologies. I also promote technologies that are considerate of humans. Let's see how it goes!

I am contributing to Thunderbird as a Council member (mandate 2024) and a few other projects in the Fedora and Mozilla universe.

My daytime work is on Digital Trust with Gen.

Located in Prague, I was born and raised in Bulgaria.

matrix: @bogomil:fedora.im | fediverse: @bogo@hapyyr.org

Rock on!