Code, Hack, Run, Drink!

What I Found When Modelling Threats In The Open (Source)

I was honoured to produce my first talk for OWASP London speaking about open source threat modelling from an AppSec perspective.

OWASP – The Open Worldwide Application Security Project. I mentioned in my previous post about OWASP Global AppSec Dublin that they have been with me in my career for virtually the whole time. I am a huge supporter of them.

I have loved meeting Sam Stepanyan, the OWASP London Chapter lead and co-lead on the OWASP Nettacker project, both online through the Beer Farmers and in person. So it was a great honour to be able to speak at OWASP London on 28th February on what it was like to model threats in open source on the Argo CD project. Although sharing similar ground to the talk at OpenUK State of Open Con last month, this was focussed more on AppSec professionals, rather than developers. I also spent some time giving a shout-out to my personal AppSec Village: people that I’ve either worked with (Zuhal Vargan and Brett Crawley) or that have been very kind with their time (Mike Thompson, Sean Wright, Daniel Ward, Dan Card, Ian Thornton Trump, and Zoë Rose). These are people that have given me great application security technical advice and I appreciate it!

Further to that, there was an explanation of the pitfalls of modelling threats in open source, why we chose Threagile over OWASP PyTM and OWASP Threat Dragon, and hopefully a bit more explanation.

Feel free to take a look at the video here:

Till the next time!

