The Application Security Podcast

Hendrik Ewerlin -- Threat Modeling of Threat Modeling

Mar 5, 2024

Hendrik Ewerlin, a threat modeling advocate, discusses the importance of threat modeling in software development. He explores the role of threat modeling, emphasizing the dire consequences of overlooking this crucial process. Hendrik stresses the importance of adopting an effective, efficient, and satisfying process for successful security.

33:50

Episode guests

Hendrik Ewerlin

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Threat modeling success hinges on structured approach to mitigate threats and protect from dangers.

Applying threat modeling to threat modeling itself leads to valuable insights and emphasizes continuous improvement.

Deep dives

Threat Modeling Success Defined by Security and Mitigations

Threat modeling success is defined by being protected from dangers, closely linked to having threats mitigated following a structured approach. Understanding the process, identifying vulnerabilities, and implementing mitigations are vital. Initiating threat modeling involves comprehending the context, anticipating potential threats, and integrating it seamlessly into operations.

Introduction

2min

Reflection on 250 Episodes and Introduction to Hendrik's Security Journey

3min

Evolution of Threat Modeling Process

19min

Embracing Incremental Threat Modeling for Existing Products

5min

Exploring Mitigation Depth and Blindness in Threat Modeling

2min

Exploring Threats and Project Insights

4min

Robert and Chris talk with Hendrik Ewerlin, a threat modeling advocate and trainer. Hendrik believes you can threat model anything, and he recently applied threat modeling to the process of threat modeling itself. His conclusions are published in the document Threat Modeling of Threat Modeling, where he aims to help practitioners, in his own words, "tame the threats to the threat modeling process."

They explore the role of threat modeling in software development, emphasizing the dire consequences of overlooking this crucial process.
They discuss why threat modeling serves as a cornerstone for security, and why Hendrik stresses the importance of adopting a process that is effective, efficient, and satisfying. If you care about secure software, you will want to listen in as Hendrik emphasizes why the approach to threat modeling, as well as the process itself, is so critical to success in security.

Links:
=> Hendrik Ewerlin: https://hendrik.ewerlin.com/security/
=> Threat Modeling of Threat Modeling: https://threat-modeling.net/threat-modeling-of-threat-modeling/

Recommended Reading:
=> Steal Like An Artist and other books by Austin Kleon https://austinkleon.com/books/

FOLLOW OUR SOCIAL MEDIA:

➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~