Using Deep Thinking and QA Technical Analysis to Build Secure Software
There is a time and place where your organization needs your professional experience as a Quality professional, and it is an excellent opportunity to showcase your skills: Threat Modelling workshops.
Software security without tangible quality is nothing more than beautifully organized spreadsheets. Your highly trained analytical brain is precious for software security. An AI model cannot replace you.
Real software security comes through deep technical analysis of software architecture, functionality and careful assessment of risk and vulnerabilities. It’s not about thinking like a hacker. It’s about protecting what is most valuable to users of the applications we build or manage. You perform deep technical analysis almost every day! You know it.
During this workshop I'll take you through a Threat Modelling journey. Together we'll explore some of the common methodologies, such as STRIDE, and learn a bit about common security tools and guidelines. As an example we'll use an e-commerce site, the Crazy Goat Beer Shop, which has been hacked. Together we'll analyze its architecture, attack surfaces, attack scenarios and vulnerabilities, and come up with feasible recommendations to mitigate risks. We'll look at a sample Threat Modelling report and learn how to extract meaningful information from it.
Let me share how test automation helps with Threat Modelling, how AI can help you prepare quickly for these workshops, and how to make a significant impact on your team.