Akshay Aggarwal: Rapid Threat Modeling

Published: June 4, 2006, 11:10 p.m.

One of the most important weapons in our arsenal for securing applications is threat modeling. Applications are becoming increasingly complex and new technologies are emerging constantly. In this scenario, building or attacking applications is challenging. Threat models can help attackers discover design vulnerabilities and mount complex attacks. These models give secure application developers a great amount of leverage to envision their design, implementation and the soundness of their architectures. Being living documents, they also carry forward any knowledge gained from previous development life cycles and are invaluable in understanding the impact of any changes on the overall security posture of the applications. Understanding and constructing meaningful threat models is hard. Application teams and attackers need to be aware of what they want to model, how they want to model and when they want to model. Rapid Threat Modeling will help them develop models rapidly while reusing data they gathered either through reconnaissance or through the software development lifecycle. A practical hands-on demonstration of modeling threats for a complex managed application will allow for immediate use of any threat modeling knowledge gained.

Akshay Aggarwal currently works for IOActive Inc. as a computer security consultant, where he is responsible for conducting security architecture design, application and source-code assessments and vulnerability research. He helps Fortune 100 clients evaluate the security of their software products and applications and develop threat models. He has authored several research papers and been invited to speak at many forums like the Multi-University Research Initiative for Protocol Development and the Center for Information Technology Research in Interest of Society. Akshay holds an MS in Computer Science from the University of California at Davis. There, at the renowned Computer Security Lab, he conducted research on Internet worms and intrusion detection systems.