Cloud Security Engineering: Applied Threat Modeling
November 18, 2020 – 10:45AM EST
In this workshop, participants will learn how to apply threat modeling concepts to cloud-native application architectures to expose attack surfaces. Our case study will be a cloud-native SaaS, multi-tenant application running in AWS.
We will be applying attack methodologies from the open source community and attack libraries from Mitre (e.g., ATT&CK, CAPEC), as well as from the Common Architectural Weaknesses and Exposures (CAWE) taxonomy. Participants will each produce a working threat model. We will use publically available tools for the threat modeling exercise to uncover application design defects that can be exploited. Our goal is to understand how cloud-native applications work holistically and to dive deep into topics such as: container orchestration; micro services; advanced authentication; secrets management; and data processing risks.
- Demonstrate advanced threat modeling skills that are necessary to analyze cloud-native applications.
- Define the attack surface for a SaaS multi-tenant application.
- Conduct advanced attack simulations on a cloud-native architecture to validate findings and remediation efforts.
You need to purchase your pass and register for Security Congress before you can save your spot to attend this session.