DeepSec 2019 Talk: Lost in (DevOps) Space – Practical Approach for “Lightway” Threat Modeling as a Code – Vitaly Davidoff
Threat Modeling is a main method to identify potential security weaknesses, and is an important part of any secure design. Threat Modeling provides a model to analyze how to best protect your assets, prevent attacks, harden your systems, and efficiently prioritize security investment. Regardless of programming language, Threat Modeling provides a far greater return than most other security techniques in the software development life cycle (SDLC) process. Therefore, Threat Modeling should be an early priority in the application design process. Unfortunately, it is common knowledge that building a full threat model is always heavily resource intensive, requires a full team of expensive security professionals, takes up far too much time, and is not scalable. This talk will describe modern Threat Modeling methodology and practices that can be fully incorporated into your existing agile process. We will discuss how to architect a robust Threat Modeling framework to be part of a Secure SDLC approach.
We asked Vitaly a few more questions about his talk.
Please tell us the top 5 facts about your talk.
Threat Modeling is a very important process, but it is not aligned with the Agile development process and the DevOps paradigm. Security specialists do not scale enough and don’t have time to run Threat Modeling exercises for every new feature or change in design – as a result, in some cases we just skip Threat Modeling or do it only partially. I’ll provide a practical solution to adopt this process into the software development life cycle. I’ll show you how we can use Threat Modeling outputs to automate security activities in the CI/CD pipeline.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
I wanted to share my experience running Threat Modeling exercises in global companies. I’ve learned that even security experts have problems building a mature Threat Modeling process and aligning it with current development strategies.
Why do you think this is an important topic?
Threat Modeling is the only way to identify potential threats and abuse cases in design and define countermeasures. If we don’t have this process in place we lean on “intuitive” security. In this case we open the door for potential breaches and, as a result, financial penalties and reputation loss.
Is there something you want everybody to know – some good advice for our readers maybe?
Threat Modeling process automation is a practical approach. I believe in “If it works for us – why can’t it work for you?” – This process is very important, but only a part of a full Threat Modeling process! Feature-based questionnaires or diagrams will provide a first level for understanding the criticality and will be used as a base for an efficiently prioritized security investment in your project.
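As an added illustration (not code from the talk or from any product the speaker describes), one way to encode a feature-based questionnaire as code so that its answers yield a criticality tier and select the automated security activities a CI/CD pipeline runs. The question names, weights, tier thresholds and activity names are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed questionnaire: each yes/no question carries a risk weight.
# Weights and names are assumptions for this example, not the talk's scoring.
QUESTIONS = {
    "internet_facing": 3,
    "handles_pii": 3,
    "new_auth_flow": 2,
    "third_party_integration": 1,
    "changes_data_store": 2,
}

# Pipeline activities a "yes" answer switches on (assumed stage names).
ACTIVITIES = {
    "internet_facing": ["dast", "dependency-scan"],
    "handles_pii": ["data-flow-review", "secrets-scan"],
    "new_auth_flow": ["authz-tests", "manual-design-review"],
    "third_party_integration": ["dependency-scan", "supply-chain-review"],
    "changes_data_store": ["sast-sqli-rules", "backup-check"],
}


@dataclass
class FeatureModel:
    """Threat-model-as-code record for one feature: name plus questionnaire answers."""
    name: str
    answers: dict  # question -> bool


def criticality(model: FeatureModel) -> int:
    """Sum the weights of all 'yes' answers; reject questions not in the questionnaire."""
    unknown = set(model.answers) - set(QUESTIONS)
    if unknown:
        raise ValueError(f"unknown questionnaire keys: {sorted(unknown)}")
    return sum(QUESTIONS[q] for q, yes in model.answers.items() if yes)


def tier(score: int) -> str:
    """Map a criticality score to a tier (thresholds are assumptions)."""
    return "high" if score >= 6 else "medium" if score >= 3 else "low"


def pipeline_plan(model: FeatureModel) -> dict:
    """Derive the security activities the pipeline must run for this feature."""
    acts = {"sast"}  # baseline check every feature gets
    for q, yes in model.answers.items():
        if yes:
            acts.update(ACTIVITIES[q])
    score = criticality(model)
    t = tier(score)
    if t == "high":
        acts.add("manual-threat-model")  # high tier still gets a human review
    return {"feature": model.name, "score": score, "tier": t, "activities": sorted(acts)}
```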
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
I think we’ll see Risk Based Security Lifecycle Management systems/frameworks. At least two big vendors are working on this approach these days, and I hope to see a holistic solution very soon (maybe next year …)
I have about 15+ years’ experience as a developer and more than 7 years in the application security field. Applications Products Security Expert at Citi Bank Innovations Lab TLV Israel. In this position I am responsible for providing Application Security solutions for many products, including analyzing security risks in multidisciplinary systems according to the customer system characterization, defining required security controls to handle identified security threats, performing code and design reviews, threat modelling and many other activities.
Certifications: CISSP, CSSLP