Organizations spend hundreds of work hours to build applications and services that will benefit customers and employees alike. Whether the application/service is externally facing or for internal use only, it is mandatory to identify and understand the scope of potential cyber risks and threats it poses to the organization. But where and how do you start with an accurate threat model? Nick can discuss how to approach this and create a model that's useful to security and developers alike.
Segment Resources
- github.com/trailofbits/publications/blob/master/reviews/2022-12-curl-threatmodel.pdf
Show Notes: securityweekly.com/asw229
00:00 - Beginning
01:38 - Intro
02:59 - What Mistakes Do Companies Make in the Cloud?
10:40 - Kubernetes isn't secure out of the box
18:09 - Security in the Software Stack
21:52 - SBOMs and the Future of Software
23:37 - How big is the problem of insecure coding in the cloud?
25:56 - Machine Learning and AI Security
29:24 - The Future of Safety in ML and AI
31:39 - The Threats of ML and the Cloud
36:15 - App Security: Explained in 3 Words
37:16 - Outro
- What's the Best Way to Threat Model - Nick Selby - ASW #229