Snahil Singh
Application and Product Security
Seattle, Washington, United States
Actions
I'm an experienced Security Engineer with a demonstrated history of working in the software and infrastructure security industry. Expertise includes designing and developing secure applications, browser security, IoT security, cryptography, penetration testing, cloud and infrastructure security, and implementing secure software development lifecycle.
Area of Expertise
Topics
Threat Modeling Techniques for Complex Systems
STRIDE, PASTA, and other widely used threat modeling methodologies are often applied to simple applications and services. However, as systems scale and grow in complexity, these traditional approaches tend to fall short, often resulting in missed threat scenarios and incomplete threat surface analysis.
In this paper, we will define what constitutes a complex system and explore various types, including distributed networks, microservices, third-party integrations, cloud environments, and IoT devices. As systems expand and involve increasingly interconnected components, the risk of overlooking vulnerabilities rises. We will also discuss how to effectively perform threat modeling for such complex systems, emphasizing the need for more advanced, adaptable techniques that address the unique challenges posed by these evolving architectures.
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top