This document provides an overview of threat modeling in the DevSecOps software development lifecycle. It discusses the threat modeling process, which includes decomposing the application, determining and ranking threats using STRIDE and DREAD models, and determining countermeasures. The document outlines the key steps in application decomposition, such as creating context diagrams, data flow diagrams, and access permission matrices. It also provides examples of how to apply STRIDE threats and the DREAD methodology to rank threat impacts. Finally, it discusses using threat trees and security control checklists to determine appropriate countermeasures.
Bio
From Fortune 100 to start-up companies, Robert Grupe is an international professional with practitioner, leader, and consultant experience in market strategy, development, and support for global leaders in aerospace, electro-optic, information security, and health care industries.
Robert is a registered Certified Information Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), and Project Management Professional (PMP).