Cloudy with a chance of threat models

498c20b8d93ee0ff7b071340f2a8fc90?s=47 zeroXten
October 19, 2017

Cloudy with a chance of threat models

Introducing the OWASP Cloud Security project. Borne out of the awesome OWASP Summit 2017, this project aims to help organisations get started with understanding the types of threats they may face when running services in the cloud by providing easy to use and adaptable threat models. But knowing the threats is only half the battle, so the project also provides mitigations in the form of BDD stories. This talk covers the threat modelling process, some of the interesting findings, looks at using BDD for cloud security and even includes a few sneaky tools.



October 19, 2017