Back To Schedule
Saturday, November 21 • 14:15 - 15:00
Use the OWASP Threat Modeling Playbook to Improve your Product Security

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
We consider threat modeling a foundational activity to improve your software assurance or product security.   We have trained hundreds of experts and consulted with as many clients regarding threat modeling. We found that a well-established threat modeling practice will measurably decrease security issues of delivered products. But performing a threat modeling exercise is one thing. Scaling it up as a standard practice in an organization is another. Threat modeling is often considered a manual and costly activity with an unpredictable outcome. We pulled together our Toreon threat modeling vision and strategy with OWASP best practices (like OWASP SAMM and the AppSec champion playbook) to create a ‘Threat modeling playbook’. The playbook shows you how to turn threat modeling into an established, reliable practice in your development teams and in the larger organization.  
We released this and an open source OWASP project for everyone to use and improve upon.
We encourage you to download and use our playbook. Try it with your own team or on a pilot project. And let us know how it works and how we can improve the playbook.
With you, we can create a community to support and continuously improve ‘Threat modeling playbook’. Together, we can make threat modeling more widely available. This in turn will make all of our software more secure.
GitHub repository https://github.com/Toreon/threat-model-playbook
OWASP project page https://owasp.org/www-project-threat-modeling-playbook/
Outline talk Threat modeling  Leveling up – we need a playbook! Get stakeholder buy-in Embed in your organization Training your people Strengthen your processes Innovate with technology Open sourcing our playbook / demo Q&A

avatar for Sebastien Deleersnyder

Sebastien Deleersnyder

CEO, Toreon
Seba (https://twitter.com/Sebadele)  is co-founder, CEO of Toreon and a proponent of application security as a holistic endeavor. He started the Belgian OWASP chapter, was a member of the OWASP Foundation Board and performed several public presentations on Application Security. Seba... Read More →

Saturday November 21, 2020 14:15 - 15:00 WIB