July TASK: Threat Modelling for the Blue Team / Surviving in-house Bug Bounty Program – Handling the Unknown

Wednesday 25-July-2018 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 St. Patrick Street, Toronto


This month we welcome Max Cizauskas with a talk on threat modelling for blue teams and Dolev Farhi with a session on in-house bug bounty programs at the Michener Auditorium at UHN.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Heading to Black Hat, DefCon or B-SidesLV? Let us know (email info@task.to). Along with connecting you with fellow TASKers, each August we hold a special BH/DC/BSLV recap, so if you are going, please consider putting your hand up to share an overview of the sessions you attend and what you learn.

We look forward to seeing you Wednesday night!

Speaker: Max Cizauskas
Topic: Threat Modelling for the Blue Team

Threat Modelling gets your organization to see your systems, applications and processes through the eyes of an attacker. It can be used early in the development process to quickly reveal issues, making them cheaper to fix and teaching the developers where controls need to be placed to build in resilience.

This talk will first discuss the important factors in scoping an assessment. Then it will cover how to do dataflow diagrams to capture the important components of the system in scope, how they interact, and which are exposed to an attacker. Next it will discuss the application of the STRIDE model to do the actual threat modelling, and finally how to capture all of the potential threats in a threat matrix. At the end of this talk you will know how threat modelling cuts down on assessment time and brings value to the organization beyond just threat assessment.

Speaker: Dolev Farhi
Topic: Surviving in-house Bug Bounty Program – Handling the Unknown

We often hear about vulnerabilities found through Bug Bounty programs, but we never get to hear from the side that's handling them. How do you keep up with hundreds of hackers probing your infrastructure?

In this talk, Dolev Farhi will share his experience running an in-house Bug Bounty Program: the benefits, the challenges, tips, and how an external security report can easily turn into a potential threat.

Meeting Location: Michener Auditorium, 222 Patrick Street, Toronto.
