
Kate Broussard to Present at Day of Shecurity Toronto


Bishop Fox's Kate Broussard will be conducting her two-hour workshop "Build A Better Threat Model" at Day of Shecurity Toronto on September 14th. Read the abstract below.

Threat modeling is often approached from a large-scale perspective – what could attackers do to a whole organization? How could they get in? That approach involves algorithms and comprehensive perimeter scans, and it requires a team to accomplish it all within a reasonable timeframe.

But sometimes in pen testing, it’s just you versus an application. In those situations, you don’t have the luxury of being a human scanner, applying every payload to every input to see what sticks. You aren’t working at the same scale as a full perimeter model, and you don’t need to.

Lucky for you, threat modeling can be approached from a more functional side – instead of trying to capture every possible attack vector that might exist in every application to build your methodology, you can take a step back and think about the central actions of an application – Does it handle financial transactions? Does it store personal information? Is it closely linked to other applications with highly sensitive content?

This workshop will help you understand functional threat modeling and how to apply it to any application. Through this method, you can organize your plan of attack, confirm the focus and scope of testing with the client, and you’ll know what DONE looks like in a pen test. This strategy customizes each engagement while also giving you a repeatable methodology to return to with every new application.

Come remodel your sense of threat modeling so you can approach every pen test with confidence and a plan.



About the speaker, Kate Broussard

Senior Security Consultant

Prior to Bishop Fox, Kate operated an independent application security consulting and testing business focused on SMB penetration testing. During these engagements, she routinely exploited cross-site scripting vulnerabilities arising from the use of outdated JavaScript libraries. Kate also has extensive prior experience with web application development, including projects where she designed and developed instructional websites for university faculty. She managed and supervised a team of 30 to perform a large data transformation project on 3,000 files for a public university with over 50,000 enrolled students. Additionally, Kate has extensive experience with software development lifecycle (SDLC) documentation.
