ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "Threat Modeling With Good Questions and Without Checklists - Farshad Abasi - ASW #335"
Episode Synopsis
What makes a threat modeling process effective? Do you need a long list of threat actors? Do you need a long list of terms? What about a short list like STRIDE? Has an effective process ever come out of a list? Farshad Abasi joins our discussion as we explain why the answer to most of those questions is No and describe the kinds of approaches that are more conducive to useful threat models. Resources: https://www.eurekadevsecops.com/agile-devops-and-the-threat-modeling-disconnect-bridging-the-gap-with-developer-insights/ https://www.threatmodelingmanifesto.org https://kellyshortridge.com/blog/posts/security-decision-trees-with-graphviz/ In the news, learning from outage postmortems, an EchoLeak image speaks a 1,000 words from Microsoft 365 Copilot, TokenBreak attack targets tokenizing techniques, Google's layered strategy against prompt injection looks like a lot like defending against XSS, learning about code security from CodeAuditor CTF, and more! Show Notes: https://securityweekly.com/asw-335
More episodes of the podcast Security Weekly Podcast Network (Video)
Automating Compliance and Risk with Agentic AI as CISOs (R)Evolve - Trevor Horwitz - BSW #417
15/10/2025
Bikers, Apple, Storm-657, Astaroth, EES, Salesforce, Aaran Leyland, and more... - SWN #520
14/10/2025
New book from Dr. Anand Singh, why CISOs buy, and the latest news - Anand Singh - ESW #428
13/10/2025
Ballistic Hot Dogs, Clayrat, Twonet, Lockbit, Resumes, Discord, Aaran Leyland and... - SWN #519
10/10/2025
IoT Hacks Galore - Kieran Human - PSW #895
09/10/2025
Forrester's Global Cybersecurity Market Forecast Before AI Fully Kicks In - Merritt Maxim - BSW #416
08/10/2025
In God we trust