Threat Modeling Volcanoes: Patterns of Expandable Systems

September 28, 2024
11:10am
Seacliff A/B
Expert Talk

About this session

Dynamic external systems, such as vendor systems that evolve through add-ons and plug-ins while frequently interacting with internal systems, present unique challenges for threat modeling. Traditionally, these complex systems were viewed as ‘black boxes’ and were often excluded from threat models. However, their expandability and integration with custom internal systems now require detailed threat modeling.

This presentation explores practices for modeling these complex integrations. Attendees will gain valuable insights into effective patterns and methodologies, learn about the associated threats, and discover practical examples and mitigation techniques for these specialized systems.

About the speaker

Principal Product Security Engineer and Security Architect with more than 20+ years of experience, OWASP Conference Speaker and security podcast participant covering topics of Threat Modeling and Security Design Patterns. Currently working at Splunk securing the Company's Products and Services.

Speaker

Speakers

Joern Freydank
Principal Product Security Engineer, Splunk