Dynamic external systems, such as vendor systems that evolve through add-ons and plug-ins while frequently interacting with internal systems, present unique challenges for threat modeling. Traditionally, these complex systems were viewed as ‘black boxes’ and were often excluded from threat models. However, their expandability and integration with custom internal systems now require detailed threat modeling.

This presentation explores practices for modeling these complex integrations. Attendees will gain valuable insights into effective patterns and methodologies, learn about the associated threats, and discover practical examples and mitigation techniques for these specialized systems.