Cloud Security Engineering: Applied Threat Modeling

November 18, 2020 – 10:45AM EST

In this workshop, participants will learn how to apply threat modeling concepts to cloud-native application architectures to expose attack surfaces. Our case study will be a cloud-native SaaS, multi-tenant application running in AWS.

We will be applying attack methodologies from the open source community and attack libraries from Mitre (e.g., ATT&CK, CAPEC), as well as from the Common Architectural Weaknesses and Exposures (CAWE) taxonomy. Participants will each produce a working threat model. We will use publically available tools for the threat modeling exercise to uncover application design defects that can be exploited. Our goal is to understand how cloud-native applications work holistically and to dive deep into topics such as: container orchestration; micro services; advanced authentication; secrets management; and data processing risks.

Learning Objectives

  • Demonstrate advanced threat modeling skills that are necessary to analyze cloud-native applications.
  • Define the attack surface for a SaaS multi-tenant application.
  • Conduct advanced attack simulations on a cloud-native architecture to validate findings and remediation efforts.

Richard Tychansky

Security Architect

You need to purchase your pass and register for Security Congress before you can save your spot to attend this session.