The open-source tool Threagile enables agile teams to create a threat model directly from within the IDE using a declarative approach: Given information about the data assets, technical assets, communication links, and trust boundaries as input in a simple to maintain YAML file, it executes a set of over 40 built-in risk rules, which can be extended with custom risk rules, against the processed model. The resulting artifacts are graphical diagrams, Excel, and PDF reports about the identified risks, their rating, and the mitigation steps as well as risk tracking state. DevSecOps pipelines can be enriched with Threagile as well to process the JSON output.

Speaker(s): Christian Schneider

Location: Appsec Vlg

Discord: https://discord.com/channels/7082082...33026982690876

Event starts: 2020-08-09 09:00 (09:00 AM) PDT (UTC -07:00)

Event ends: 2020-08-09 09:45 (09:45 AM) PDT (UTC -07:00)

For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-29T02:26 (UTC).