You are viewing content from a past/completed QCon - November 2020

Threat Assessment for Software Architects

Purchase your ticket for this workshop for $200.00

Key Takeaways

1How to create a data flow diagram that shows how data flows through your system, and all the interconnectors and processing that takes place

2How to use that diagram to identify the areas of security risk, and what controls can help you manage those risks

The systems we are developing and building can be quite complex, and are starting to use techniques and technologies that are very new.

Even though the techniques and technology are new, the way we assess the security and threats remains the same. It boils down to understanding all the bits and bobs that the system is made up of, and thinking through the most applicable weaknesses and threats, and then balancing those weaknesses and threats out with various different types of security controls.

This 3-hour workshop will cover:

  • Why it’s important to think about the threats your application may face and the benefits that can bring to your development practice
  • Six most common weaknesses that you need to assess for - using the STRIDE threat model
  • How someone, or a threat, could take advantage of those weaknesses
  • Understand the types and categories of security controls we can apply to our systems and how they can minimise those weaknesses
  • How to create your own data flow diagram in a way that can help you identify weaknesses (and the controls needed)

Who is this for:

Software architects or software developers who are involved in designing or building systems and want to learn how to build in good security at the beginning of the development lifecycle.


Laura Bell

Founder and CEO of @safestack
With almost a decade of experience in software development and information security, Laura specializes in bringing security practices and culture into organisations of agile and high growth organisations. An experienced adviser, security manager and trainer, she provides security services to... Read more Find Laura Bell at:


Erica Anderson

COO @safestack
Erica has worked in and can empathise with most IT and tech roles. Over the past seven years, she has been a consultant, engineer, tester, analyst, incident responder, and teacher. She has worked with a wide range of organisations, from small NZ businesses to global corporations. Being in... Read more Find Erica Anderson at:

Friday Nov 6 / 03:30PM EST (3 hours)


Level Intermediate

TOPICS Security ADD TO CALENDAR Calendar IconAdd to calendar

Participants don't need any specific software - and just need their laptops and an internet connection.

Participants will get the most value out of the workshop if they came prepared with a system in mind that they wish to walkthrough and model.

Participants should be familiar with the different resources that make up the system they are modeling - they don't need to know detailed configurations - just what the resource does.

More Workshops


Build your learning journey and level-up on the skills most in-demand in 2021. Attend QCon Plus (May 17-28, 2021).

Save your spot for $549 before May 1st