Threat Modeling That Helps the Business - Akira Brand, Sandy Carielli - ASW #316 - podcast episode cover

Threat Modeling That Helps the Business - Akira Brand, Sandy Carielli - ASW #316

Application Security Weekly (Audio)
Feb 04, 20251 hr 12 min
--:--
--:--
Listen in podcast apps:
Metacast
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Threat modeling has been in the appsec toolbox for decades. But it hasn't always been used and it hasn't always been useful. Sandy Carielli shares what she's learned from talking to orgs about what's been successful, and what's failed, when they've approached this practice. Akira Brand joins to talk about her direct experience with building threat models with developers.

Speculative data flow attacks demonstrated against Apple chips with SLAP and FLOP, the design and implementation choices that led to OCSP's demise, an appsec angle on AI, updating the threat model and recommendations for implementing OAuth 2.0, and more!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-316

For the best experience, listen in Metacast app for iOS or Android
Open in Metacast
Threat Modeling That Helps the Business - Akira Brand, Sandy Carielli - ASW #316 | Application Security Weekly (Audio) podcast - Listen or read transcript on Metacast