Using Threat Modeling to Create a DevSecOps plan
About this session
Learn how to use threat models as a guide for creating a plan to select, implement, and configure the right security tools to cover the mitigations identified in the threat model and embed these tools in the right places in the SDLC. Starting with a sample service and its Threat model, we'll explore different types of mitigations (e.g business logic/code mitigations, use of library/tools mitigations, configuration mitigations, and process mitigations) and delve into some security tools used to test those mitigations.