Recent Presentation (April 29th, 2013)
Threat Modeling - The First Step in Secure Application Development
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.
To address these issues security needs to be integrated into the software development lifecycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.
This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.
Part 1 (Link)
Part 2 (Link)