You are viewing content from a past/completed QCon - November 2020

Workshop

Threat Assessment for Software Architects

Purchase your ticket for this workshop for $

Lab

Key Takeaways

1 How to create a data flow diagram that shows how data flows through your system, and all the interconnectors and processing that takes place

2 How to use that diagram to identify the areas of security risk, and what controls can help you manage those risks


The systems we are developing and building can be quite complex, and are starting to use techniques and technologies that are very new.

Even though the techniques and technology are new, the way we assess the security and threats remains the same. It boils down to understanding all the bits and bobs that the system is made up of, and thinking through the most applicable weaknesses and threats, and then balancing those weaknesses and threats out with various different types of security controls.

This 3-hour workshop will cover:

  • Why it’s important to think about the threats your application may face and the benefits that can bring to your development practice
  • Six most common weaknesses that you need to assess for - using the STRIDE threat model
  • How someone, or a threat, could take advantage of those weaknesses
  • Understand the types and categories of security controls we can apply to our systems and how they can minimise those weaknesses
  • How to create your own data flow diagram in a way that can help you identify weaknesses (and the controls needed)

Who is this for:

Software architects or software developers who are involved in designing or building systems and want to learn how to build in good security at the beginning of the development lifecycle.


Speaker

Laura Bell

Founder and CEO of @safestack

With almost a decade of experience in software development and information security, Laura specializes in bringing security practices and culture into organisations of agile and high growth organisations. An experienced adviser, security manager and trainer, she provides security services to...

Read more
Find Laura Bell at:

Speaker

Erica Anderson

COO @safestack

Erica has worked in and can empathise with most IT and tech roles. Over the past seven years, she has been a consultant, engineer, tester, analyst, incident responder, and teacher. She has worked with a wide range of organisations, from small NZ businesses to global corporations. Being in...

Read more
Find Erica Anderson at:

Date

Friday Nov 6 / 12:30PM PST (3 hours)

Level

Level Intermediate

Topics

Security

Add to Calendar

Add to calendar

Share

Prerequisites

Participants don't need any specific software - and just need their laptops and an internet connection.

Participants will get the most value out of the workshop if they came prepared with a system in mind that they wish to walkthrough and model.

Participants should be familiar with the different resources that make up the system they are modeling - they don't need to know detailed configurations - just what the resource does.

More Workshops

Workshop Containers

Getting Started With Containerization

Friday Nov 6 / 09:00AM PST

Containers are the new unit of deployment. The reason is simple: containers are a very powerful tool that can streamline development and ops, save companies money by focusing on deploying a packaged unit, and reduce the friction in delivering software. However, the flip side is they’re a...

Wes Reisz

Platform Architect @VMware & Creator/Co-host of #TheInfoQPodcast, previous VP of Technology @Section

Jeff Butler

Senior Platform Architect @VMware

Level Beginner
Workshop

Reactor: Mastering Concurrency

Friday Nov 6 / 09:00AM PST

During the workshop, we'll learn enough of Project Reactor to run complex business logic concurrently.No prior experience with reactive programming is required.The workshop is an exclusive hands-on experience with no slides but 100% exercises.I'll guide you through the details of Reactor...

Tomasz Nurkiewicz

Java Champion, CTO @devskiller, Podcaster & Trainer

Level Beginner
Workshop Kubernetes

Effective Spring + Kubernetes

Friday Nov 6 / 09:00AM PST

Both Spring and Kubernetes have massive ecosystems leading to lots of ways to use Spring on Kubernetes. Which way is the best, what are the pros and cons of different approaches to using Spring and Kubernetes?This workshop is organized as a series of recommendations for how to best use Spring and...

Adib Saikali

Principal Platform Architect @VMware Tanzu

Level Intermediate
Workshop Kubernetes

Getting Started With Kubernetes and Container Orchestration

Friday Nov 6 / 12:30PM PST

Kubernetes (K8s) is a very powerful tool, primarily concerned with orchestrating and automating the deployment and management of networked applications.Understanding how Kubernetes works makes you an effective power user for building higher-level platforms. This workshop is aimed at technologists...

Wes Reisz

Platform Architect @VMware & Creator/Co-host of #TheInfoQPodcast, previous VP of Technology @Section

Jeff Butler

Senior Platform Architect @VMware

Level Intermediate
Workshop Spring Boot

Easy Integration Testing with Spring Boot + Test Containers

Friday Nov 13 / 09:00AM PST

Integration tests require external resources such as databases, message queues ....  to execute successfully.  A developer must consults the project's development environment setup guide to install and configure the various dependencies that integration tests require before they can...

Adib Saikali

Principal Platform Architect @VMware Tanzu

Sergei Egorov

Software Developer @VMware & Member of the Spring Team

Level Intermediate
Workshop Artificial Intelligence

[SOLD OUT] AI to Production and Its Pitfalls

Friday Nov 13 / 09:00AM PST

During the workshop, we will learn how to maintain a machine learning project end to end. We will show you common problems we have seen when deploying machine learning applications,like:Shipping models consistently to productionNot ensuring data sanity upon requestsTracking inputs and outputs to...

Jendrik Jördening

CTO @Nooxit

Level Intermediate
Workshop Service Mesh

Multi-Cluster Service Mesh Patterns, Configuration and Operations

Friday Nov 13 / 12:30PM PST

Microservices promise greater agility and speed in delivering innovation to customers through digital experiences. As a set of many, small services that are loosely coupled together and often written in different languages and packages, microservices allow organizations to make changes to a...

Christian Posta

Global Field CTO @soloio_inc

Level Intermediate
Workshop Culture

Deliberately Designing a Collaborative Culture - and Keeping It Alive When Remote

Friday Nov 13 / 12:30PM PST

Collaborative organizational culture doesn't just happen, it needs conscious and deliberate design and careful nurturing. In this workshop, participants will explore what a collaborative organizational culture is, why it matters, and how to deliberately design culture.  Culture...

Shane Hastie

Director of Agile Learning Programs @ICAgile

Level All
Workshop Frontends

Building Micro-Frontends

Friday Nov 13 / 12:30PM PST

Micro-frontends are the answer to today’s increasingly complex web applications. Inspired by the microservices model, this approach lets organizations break interfaces into separate features managed by different teams of developers. Microservices provide a way for scaling our projects...

Luca Mezzalira

Vice President of Architecture @dazngroup

Level Intermediate
Logo

Build your learning journey and level-up on the skills most in-demand in 2021. Attend QCon Plus (Nov 1-5, 2021).

Save your spot for $549 before August 31st

Register