Managing Application Security Risk with Threat Modeling

Download Resource

Slide deck by security experts Chris Bush & Tom Eston

This presentation covers the following topics:

  • What is threat modeling
  • Why treat model and why not
  • What is the threat modeling process
    • Create a treat model in five easy steps
    • Threat modeling requirements and objectives
    • DFD Context Diagram
    • Threats enumeration
    • The STRIDE model
    • Threat mitigation and validation
  • Threat modeling in modern application development
    • Agile threat modeling
    • Threat modeling and DevSecOps
  • How to develop a security mindset

You can also watch Chrish Bush and Tom Eston webcast on demand.

Chris bush

About the author, Chris Bush

Bishop Fox Alumnus

Chris Bush is a Bishop Fox alumnus. He was a managing security consultant at Bishop Fox. He has extensive experience in IT and information security consulting and solutions delivery, providing expertise in application security, including the performance of security assessments, security code reviews and penetration testing of client applications as well as development of security testing processes and methodologies.

Having been a contributing member of the information security community for many years, Chris has served as a volunteer for OWASP as a Technical Project Advisor, as an officer of the (ISC)2 Cleveland Chapter and has spoken at a variety of regional and national security conferences and user group meetings on subjects including secure coding, threat modeling, and other topics in software security. At Bishop Fox, Chris has been instrumental in creating application security thought leadership. He has authored blog posts on threat modeling in DevSecOps as well as the importance of secure code review in DevSecOps. Additionally, he has co-hosted webcasts focused on application security.

Chris is a Certified Information Systems Security Professional (CISSP) and holds a Bachelor of Science in Computer Science from the State University of New York at Buffalo and a Master of Science in Computer Science from the State University of New York at Binghamton.
More by Chris
Tom Eston

About the author, Tom Eston

VP of Consulting and Cosmos at Bishop Fox

Tom Eston is the VP of Consulting and Cosmos at Bishop Fox. Tom's work over his 15 years in cybersecurity has focused on application, network, and red team penetration testing as well as security and privacy advocacy. He has led multiple projects in the cybersecurity community, improved industry standard testing methodologies and is an experienced manager and leader. He is also the founder and co-host of the podcast The Shared Security Show; and a frequent speaker at user groups and international cybersecurity conferences including Black Hat, DEF CON, DerbyCon, SANS, InfoSec World, OWASP AppSec, and ShmooCon.
More by Tom

Extend Your Knowledge

Check out these related resources.

Bishop Fox on-demand webcast on Threat Modeling in DevSecOps presented by security experts Tom Eston and Chris Bush
Webcast

What Bad Could Happen? Managing Application Risk with Threat Modeling

What if security could become an integral framework within the software development process? Join Tom Eston and Chris Bush to learn how Threat Modeling is changing the way organizations manage application security risks.

Learn More
Purple pupil reflecting code looking for threat to security.
Industry

Nov 08, 2021

Continuous Security: Threat Modeling in DevSecOps

By Chris Bush

Illustration of globe atom circling
Industry

Jun 10, 2021

Applying DevSecOps in Your Organization

By Tom Eston

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.