- 16 Nov
The cloud has fundamentally changed how teams develop and deploy applications.
By designing Cloud Native Applications, teams eliminate a lot of risks associated with legacy applications. On the other hand, the attack surface of cloud applications can change dynamically and frequently. This brings new threats as bad actors have adapted tactics to move at cloud speed. Threat modeling and adversary emulation are crucial practices for proactively identifying and mitigating potential threats in cloud-native applications.
In this session, we will begin by discussing the fundamentals of cloud-native application security and the importance of integrating threat modeling and adversary emulation into the development lifecycle. We will delve into various threat modeling methodologies such as attack trees, data flow diagrams, and attack surface analysis. Then we will detail the different techniques to identify them and select mitigation strategies. You will learn how to identify and prioritize potential threats by considering the unique characteristics of cloud-native architectures.
Throughout the talk, we will explore the open source tools that help visualizing threats, assessing risks, simulating realistic attack scenarios to generate actionable insights.
By the end of this talk, you will have a comprehensive understanding of cloud-native application threat modeling and adversary emulation techniques and the open-source tools available to support these practices.