Threat Modeling With Good Questions and Without Checklists - Farshad Abasi - ASW #335
What makes a threat modeling process effective? Do you need a long list of threat actors? Do you need a long list of terms? What about a short list like STRIDE? Has an effective process ever come out of a list? Farshad Abasi joins our discussion as we explain why the answer to most of those questions is No and describe the kinds of approaches that are more conducive to useful threat models.
Resources:
- https://www.eurekadevsecops.com/agile-devops-and-the-threat-modeling-disconnect-bridging-the-gap-with-developer-insights/
- https://www.threatmodelingmanifesto.org
- https://kellyshortridge.com/blog/posts/security-decision-trees-with-graphviz/
In the news: learning from outage postmortems, an EchoLeak image speaks 1,000 words from Microsoft 365 Copilot, TokenBreak attack targets tokenizing techniques, Google's layered strategy against prompt injection looks a lot like defending against XSS, learning about code security from CodeAuditor CTF, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-335