
I play Jack of Information Disclosure

Formal Metadata

Title
I play Jack of Information Disclosure
Subtitle
How to do threat modeling via playing cards
Title of Series
Part Number
23
Number of Parts
29
Author
License
CC Attribution 3.0 Germany:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
There is an almost inescapable conflict between software developers and security engineers. Multiple areas suffer from this conflict, one specifically being threat modeling, which does not work because of the lack of cooperation between security engineers and software developers. With the existing methods, security engineers do not get a proper picture of the real risks and software developers get no feeling for what to improve. Gamified threat modeling approaches like Cornucopia and Elevation of Privilege are designed to provide the missing common ground and a process that encourages exchange. As with playing cards, everyone plays their hand in turn and the group discusses the threat that is described on the played card. The presentation will go through an example application and show the difference between the classical approach to threat modeling and Cornucopia/EoP. The audience is going to learn about a new methodology and get hands-on experience of how to do threat modeling by playing cards.