Threat Modeling That Helps the Business - Akira Brand, Sandy Carielli - ASW #316
4 February - 1 hour 11 minsThreat modeling has been in the appsec toolbox for decades. But it hasn't always been used and it hasn't always been useful. Sandy Carielli shares what she's learned from talking to orgs about what's been successful, and what's failed, when they've approached this practice. Akira Brand joins to talk about her direct experience with building threat models with developers.
Speculative data flow attacks demonstrated against Apple chips with SLAP and FLOP, the design and implementation choices that led to OCSP's demise, an appsec angle on AI, updating the threat model and recommendations for implementing OAuth 2.0, and more!
Visit https://www.securityweekly.com/asw for all the latest episode...
Series Episodes
DeepSeek, Nicolas Cage, OpenAI, Hackers, Ransomware, Canada, Joshua Marpet and More - SWN #448
29 mins
4 February Finished
The Growth of Women in Cybersecurity Has Slowed - Why, and What Can We Do About It? - Lynn Dohm - ESW #392
2 hours 11 mins
3 February Finished
.ASS, Deepseek, AI Time Travel, Google, HeartBlocker, TikTok, Aaran Leyland, and More - SWN #447
32 mins
31 January Finished
Cred Vaults, Cheap AI, and Hacking Devices - Matt Bishop - PSW #859
2 hours 5 mins
30 January Finished
AI in 2025: The Shifting Regulatory Landscape For Artificial Intelligence - BSW #380
44 mins
29 January Finished
