Design flaws can lead to vulnerabilities present in the blueprints of your application. If you’re building a house from a blueprint that doesn’t call for locks on the windows, your house will be built with a huge vulnerability. Likewise, if your software is missing needed controls or has gaps in logic, attackers will be able to find vulnerabilities that SAST and DAST scanning tools may miss.
Chandu Ketkar pioneered the Synopsys Threat Modeling Method and built the Architecture Risk Assessment Practice from the ground up. In this episode, we demystify threat modeling. Chandu explains how any company can take this informal risk assessment and problem-solving exercise that we all do in our daily lives and formalize it into a repeatable practice that fits into any development organization.
This is the AppSec Master Class Podcast, a podcast that helps you solve problems your developers are facing by building proactive capabilities.