How do you introduce threat modeling to your existing codebase without slowing everything else down (aka the expensive “security push”)? Incremental threat modeling might be the answer. Incremental threat modeling concentrates on current additions and modifications that can be time-boxed to fit the tightest of agile lifecycles and still deliver security benefits. In this workshop, you will:

• Learn the technique of incremental threat modeling
• Practice modeling an addition of a new feature to a realistic architecture
• Find threats relevant to the feature while keeping the activity focused (i.e. not trying to boil an ocean)