Threat Modeling Insider – May 2024

Threat Modeling Insider Newsletter

35th Edition – May 2024

Welcome!

This edition, we’re skipping our usual guest article to focus on the upcoming ThreatModCon in Lisbon! 

The brightest minds in the threat modeling space are ready to collaborate, learn, and upskill together, and you can still register for the event.

But that’s not all, of course. Let’s take a look at what else we have in store for this month’s edition:

In this edition

Tips & tricks
Secure from the Start: Integrate Continuous Threat Modeling

Training update
An update on our upcoming training sessions.

Announcement

ThreatModCon 2024 Lisbon is coming in 20 days!

Find your threat modeling peers at ThreatModCon Lisbon on June 28-29 for a two-day threat modeling feast. For the first time, ThreatModCon travels to Europe and gathers the brightest minds in the threat modeling space to collaborate, learn, and upskill together.

Get ready to learn from experts like Adam Shostack, Irene Michlin, Kim Wuyts, Jonathan Marcil, Izar Tarandach, Avi Douglen, and Sebastien Deleersnyder, and hang out with the community! As an official partner event of OWASP, ThreatModCon 2024 Lisbon will take place right after OWASP Global AppSec Lisbon.

📅 Date: June 28-29, 2024
📍 Location: Lisbon, Portugal
📖 Topics: AI threat modeling workshop, scalable threat modeling, developer engagement, managing inherent threats, and 8+ more
📖 Fun: Sunset cruise, birds-of-a-feather discussions, bingo game, and much more 🥳

Limited spots left. Secure yours now. Use the code TOREON35 to get €35 off.

Advance your career with our in-company Threat Modeling Practitioner certification - tailored training options available!

CURATED CONTENT

Handpicked for you

Toreon Blog: Threat Modeling Playbook - Part 5: Innovate with threat model technology

In a series of blogs, we unravel the complexities of executing a successful threat modeling strategy through our Threat Modeling Playbook. In this final part, we focus on how to innovate with threat model technology.

We discuss a number of guidelines for selecting the right technology and integrating it into your way of working, so that the technology maximally supports the threat modeling process, and not the other way around.

MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices

The MITRE Corporation has officially made available a new threat-modeling framework called EMB3D for makers of embedded devices used in critical infrastructure environments.

The ultimate goal is to provide device vendors with a unified picture of different vulnerabilities in their technologies that are prone to attacks and the security mechanisms for mitigating those shortcomings.

OWASP Top 10 for LLM Applications

Businesses eager to harness the potential of LLMs and Generative AI are rapidly integrating them into their operations and client-facing offerings. Yet the breakneck speed at which LLMs are being adopted has outpaced the establishment of comprehensive security protocols, leaving many applications vulnerable to high-risk issues.

TIPS & TRICKS

Secure from the Start: Integrate Continuous Threat Modeling

Incorporate threat modeling at the earliest stages of your development process and make it a routine part of your workflow. Begin by identifying key milestones in your project timeline where threat modeling reviews will occur, such as initial design, pre-coding, and post-coding phases. Assign specific team members to lead these efforts and ensure they are trained in threat modeling techniques.

To maintain timeliness, set clear deadlines for each threat modeling review and integrate these deadlines into your overall schedule. Use automated tools to assist in identifying potential threats and streamline the process. Regularly update and revisit your threat model to adapt to any changes in the product, ensuring ongoing security throughout the development lifecycle. By embedding these practices into your workflow, you ensure security remains a priority, resulting in a more secure and resilient final product.

Upcoming trainings & events

Book a seat in our upcoming trainings & events

Agile Whiteboard Hacking a.k.a. Hands-on Threat Modeling, in-person, hosted by Troopers Germany, Heidelberg

Next training date:
24-25 June 2024

Agile Whiteboard Hacking a.k.a. Hands-on Threat Modeling, virtual, hosted by Black Hat USA, Las Vegas 

Next training dates:
3-6 August 2024

Agile Whiteboard Hacking a.k.a. Hands-on Threat Modeling, in-person, hosted by OrangeCon, Amsterdam

Next training dates: 3-4 September 2024

Threat Modeling Practitioner training, hybrid online, hosted by DPI

Cohort starting on 23 Sep 2024
