Cloud Native Application Threat Modeling and Adversary Emulation : Techniques and Tools - Rafik Harabi, Sysdig
Abstract
The cloud has fundamentally changed how teams develop and deploy applications. By designing Cloud Native Applications, teams eliminate a lot of risks associated with legacy applications. On the other hand, the attack surface of cloud applications can change dynamically and frequently. Threat modeling and adversary emulation are crucial practices for proactively identifying and mitigating threats. We will begin by discussing the importance of threat modeling and adversary emulation. We will delve into various threat modeling methodologies such as data flow diagrams, and attack surface analysis in addition to different techniques to identify threats and select mitigation strategies. We will explore the open source tools that help visualizing threats, assessing risks and simulating realistic attacks to generate actionable insights. By the end of this talk, you will have a comprehensive understanding of cloud-native application threat modeling and adversary emulation techniques and tools