Skip to main content

Threat Modelling Workshop for QA Heroes

120-minute Workshop

QA professionals already have most of the technical analysis tools and skills needed to participate in high visibility Threat Modelling workshops and shine.

Deep Dive session

Timetable

2:45 p.m. – 4:45 p.m. Thursday 27th

Room

Room D5 - Track 8: Security Testing Deep Dive

Other Security Testing

Audience

Quality professionals interested in security with little or no knowledge about Threat Modelling

Required

Laptop + access to public GitHub.

Key-Learnings

  • Understand the basis of Threat Modelling and why YOU must participate
  • There is lots of fun when Quality and Security Intersect. Forget about being bored!
  • AI can help you, but it's YOUR brain that Threat Modelling needs.

Using Deep Thinking and QA Technical Analysis to Build Secure Software

There is a time and place where your organization requires your professional experience as a Quality professional and an excellent opportunity to showcase your skills. That’s “Threat Modelling Workshops”.

Software security without tangible quality is nothing more than beautifully organized spreadsheets. Your highly trained analytical brain is precious for software security. An AI model cannot replace you.

Real software security comes through deep technical analysis of software architecture, functionality and careful assessment of risk and vulnerabilities.  It’s not about thinking like a hacker. It’s about protecting what is most valuable to users of the applications we build or manage.  You perform deep technical analysis almost every day! You know it.

During this workshop I'll take you through a Threat Modelling journey. We'll explore together some of the common methodologies such as STRIDE and learn a bit about common security tools and guidelines.  We'll use as an example an e-commerce site (i.e. Crazy Goat Beer Shop that’s been hacked) and together we'll analyze its architecture, attack surfaces, attack scenarios, vulnerabilities and come up with feasible recommendations to mitigate risks. We'll look at a sample Threat Modelling report and learn how to extract meaningful information from it.  

Let me share how test automation helps for Threat Modelling, and how AI can help you to quickly prepare for these workshops, and how to make a significant impact on your team.

Related Sessions

Thu, Nov 27 • 7:45 a.m. – 8:30 a.m.
Room F1+F2+F3 - Plenary

Active Session

Other

Wed, Nov 26 • 2:45 p.m. – 4:45 p.m.
Room D6 - Track 9: Workshops

120-minute Workshop

Other Testability

Wed, Nov 26 • 10:45 a.m. – 12:30 p.m.
Room D6 - Track 9: Workshops

105-minute Workshop

Agile Methodologies Other

Deep Dive session
Tue, Nov 25 • 10:45 a.m. – 11:30 a.m.
Room D5 - Track 8: Security Testing Deep Dive

25-minute Talk

Security Testing