The earlier we perform security interventions, the better. The best time? While we’re designing an application. This workshop will discuss the importance and use of Application Threat Modeling during app design, how to apply it to existing applications during later phases of development, then perform application threat modeling on an example web application using the Trike methodology.

The presented methodology is built on the concept that understanding the design of an application is all that is needed to create a threat model - and doing so can remove the uncertainties and brainstorming that other security threat modeling can require. Rather than requiring a deep security knowledge, all we need is to understand the application - something developers are uniquely suited to do.