David Johansson

David Johansson has worked as a security consultant for over 10 years at various companies in Sweden and UK. Among other things, he has worked with software development and architecture, threat modeling, web security testing, and training developers and testers in security. David lives in London where he works as a Principal Consultant leading the Vulnerability Assessment practice for Synopsys Software Integrity Group.

Social Profiles

All Sessions by David Johansson

Main Track / Tech Track
16:25

Threat Modelling Stories From the Front Line

16:25 - 16:55

Threat modelling is a software analysis technique capable of finding design defects. But what sort of issues are uncovered in practice using threat modelling? This talk bridges the gap between theory and practice by describing case studies – design flaws uncovered for actual (but anonymised) systems across many domains, for example two-factor authentication, business-to-business interactions, and password storage redesign. In this talk we are less concerned with theory. Instead, the attendee will gain insight into the mindset of threat modelling by considering mistakes in the real-world. Along the way we will (re)learn secure design principles and attack patterns and see how the theory is expressed in reality.

David Johansson

Social Profiles

All Sessions by David Johansson

Main Track / Tech Track

Threat Modelling Stories From the Front Line

Share