Cloud Security Engineering: Applied Threat Modeling

November 18, 2020 – 10:45AM EST

In this workshop, participants will learn how to apply threat modeling concepts to cloud-native application architectures to expose attack surfaces. Our case study will be a cloud-native SaaS, multi-tenant application running in AWS.

We will be applying attack methodologies from the open source community and attack libraries from Mitre (e.g., ATT&CK, CAPEC), as well as from the Common Architectural Weaknesses and Exposures (CAWE) taxonomy. Participants will each produce a working threat model. We will use publically available tools for the threat modeling exercise to uncover application design defects that can be exploited. Our goal is to understand how cloud-native applications work holistically and to dive deep into topics such as: container orchestration; micro services; advanced authentication; secrets management; and data processing risks.

Learning Objectives

  • Demonstrate advanced threat modeling skills that are necessary to analyze cloud-native applications.
  • Define the attack surface for a SaaS multi-tenant application.
  • Conduct advanced attack simulations on a cloud-native architecture to validate findings and remediation efforts.

Richard Tychansky

Security Architect

You need to purchase your pass and register for Security Congress before you can save your spot to attend this session.

Reminder: to register for and view sessions,
all attendees must sign-up or log into BrightTALK

Trouble logging in for the session? Click here

Already have a BrightTALK account? Click “Log in”

You don’t have to use the same email address as your Congress account

Don’t have an account yet?

Fill out the form to sign up for free!

Think you have an account but forgot your password?

Or you’re seeing this message?

Click here to reset your BrightTALK password

Seeing this screen or the session is playing?

You’re already logged in!

Still having trouble?
Click here to email support

Richard Tychansky

Security Architect