Ensure your app fails securely

Contents

• Introduction Introduction

  • Supercharge your threat modeling and product security

    53s
• 1. Secure by Design 1. Secure by Design

  • Why secure by design?

    2m 28s
  • (Locked)
    Understanding design flaws in a real-world scenario

    2m 33s
  • (Locked)
    Secure by design fundamentals

    2m 37s
  • (Locked)
    Secure by design: CISA pledge

    2m 20s
  • (Locked)
    Secure by design: Fictional company case study

    1m 43s
  • (Locked)
    Secure by design application walkthrough: Vibe Commerce case

    5m 16s
• 2. Threat Modeling 2. Threat Modeling

  • Understanding common threats

    2m 14s
  • (Locked)
    How to do threat modeling: A step-by-step guide

    3m 54s
  • (Locked)
    Threat-modeling scenario: Real-world example

    1m 3s
  • (Locked)
    Create your own threat model

    4m 27s
  • (Locked)
    Mitigating security risks through threat modeling

    5m 6s
• 3. Five Security Principles 3. Five Security Principles

  • (Locked)
    Secure defaults

    2m 18s
  • (Locked)
    Minimize attack surface

    3m 10s
  • (Locked)
    Principle of least privilege

    4m 53s
  • (Locked)
    Defense in depth

    4m 19s
  • (Locked)
    Fail securely

    2m 56s
• 4. Secure Defaults 4. Secure Defaults

  • Insecure default settings and their risks

    5m 39s
  • (Locked)
    Insecure implementation: Real examples of default pitfalls

    3m 49s
  • (Locked)
    Threat model: Risks of unsafe defaults

    4m 11s
  • (Locked)
    Security requirements: Setting secure defaults from the start

    6m 9s
  • (Locked)
    Real-world example: Secure defaults in practice

    3m 12s
  • (Locked)
    Challenge: Enforce secure defaults in your application

    45s
• 5. Minimizing Attack Surface 5. Minimizing Attack Surface

  • (Locked)
    Scenario: Excessive attack surface

    1m 27s
  • (Locked)
    Insecure implementation: Overexposed interfaces

    3m 14s
  • (Locked)
    Threat model: Finding and reducing attack vectors

    2m 38s
  • (Locked)
    Security requirements: Minimizing attack surface

    2m 6s
  • (Locked)
    Challenge: How to minimize your application's attack surface

    1m 33s
• 6. Principle of Least Privilege 6. Principle of Least Privilege

  • (Locked)
    Scope excessive access and how to fix it

    4m 23s
  • (Locked)
    Threat model: Access control risks and fixes

    5m 24s
  • (Locked)
    Security requirements: Enforcing least privilege correctly

    4m 56s
  • (Locked)
    Real-world example: Principle of least privilege in action

    6m 42s
  • (Locked)
    Challenge: Principle of least privilege

    47s
• 7. Defense in Depth 7. Defense in Depth

  • (Locked)
    Scenario: Dangers of single-layer security

    1m 48s
  • (Locked)
    Insecure implementation: Lack of redundancy

    1m 36s
  • (Locked)
    Threat model: Defense-in-depth failures and fixes

    4m 51s
  • (Locked)
    Secure implementation: Building layered defenses

    2m 19s
  • (Locked)
    Real-world example: Defense-in-depth implementation

    2m 44s
  • (Locked)
    Challenge: Implement defense in depth in your systems

    1m 54s
• 8. Fail Securely 8. Fail Securely

  • (Locked)
    Scenario: Scope of insecure failure states

    1m 19s
  • (Locked)
    Insecure implementation: Handling failures the wrong way

    1m 34s
  • (Locked)
    Threat model: What can go wrong when systems fail

    1m 47s
  • (Locked)
    Security requirements: Designing fail-secure mechanisms

    3m 11s
  • (Locked)
    Real-world example: Fail securely in action

    2m 1s
  • (Locked)
    Ensure your app fails securely

    34s
• 9. Building a Resilient Product 9. Building a Resilient Product

  • (Locked)
    Overall threat model

    2m 47s
  • (Locked)
    Building a secure-first company: What it looks like in practice

    5m 9s
  • (Locked)
    Automation using AI

    4m 31s
  • (Locked)
    Conclusion and wrap-up

    55s
• Conclusion Conclusion

  • (Locked)
    Thank you

    31s