Language: English
11-20, 16:00–16:50 (Canada/Eastern), Hackfest - Track 1
Whether you are a builder or a defender, keeping your applications secure becomes harder as they grow in number and complexity, especially without a proper game plan. This talk aims to explore a solution in Threat Modeling, a process that enables developers and security professionals alike to pinpoint security requirements and to identify weaknesses and vulnerabilities before they make it into a product, as well as to quantify threats and prioritize remediation efforts for existing vulnerabilities.
This talk is addressed to current and future software professionals (developers, testers and security specialists) and aims to present the concept of Threat Modeling as well as some of the industry-standard tools and methodologies. After this talk, attendees should feel ready to apply the STRIDE methodology to perform basic threat modeling on their own systems and should understand the value that it brings to an organization and, more precisely, to a software development team. It is recommended to have a basic understanding of common threats and threat sources before attending this session.
Samuel Dussault is an Application Security Architect at Genetec, where he specializes in Windows and Web application security. His past work experience includes software development and architecture, penetration testing, secure source code review, bug bounty program management and secure software development lifecycle (SDLC) pipeline configuration and maintenance for multiple medium to large companies. Samuel also has a bachelor's degree in Computer Sciences from Laval University and is a Certified Offensive Security Professional (OSCP) and Web Expert (OSWE).