March 19, 2022
InfosecGirls Session - 19th March, 2022
Topic: Introduction to threat modelling for application teams — STRIDE basics, trust boundaries, and how to run a short modelling session with developers.
Summary
- Covered STRIDE as a lightweight lens for common threat types in applications.
- Practised drawing trust boundaries between users, services, and data stores.
- Walked through a short developer-friendly session structure (timebox, scope, outcomes).
- Discussed how to turn findings into backlog items without overwhelming product teams.