Think outside the box like an attacker would!

Hackers are constantly attacking IT infrastructures in new ways – whether in industry or in the service and banking sector. Developers, managers and architects would therefore do well to put themselves in the role of the attacker in order to identify the vulnerabilities of their products through a threat and risk analysis – and to correct the errors quickly.

The fact is that users of software, hardware and special IT solutions expect secure, reliable products. What sounds simple, however, is difficult to achieve in practice. On the one hand, products and solutions are becoming more complex – and thus more vulnerable – and on the other hand, attack patterns are becoming increasingly sophisticated. At the same time, the pressure is increasing: reporting on the successful misuse of software vulnerabilities has become a popular topic for the general public.

A threat and risk analysis to identify attack vectors

The threat and risk analysis (TRA) is part of a process for the development of secure software (Security Development Lifecycle) and is used to identify possible weak points and remedy them at an early stage through appropriate measures.

What do I need? A workshop that takes place right at the beginning of a development process in order to put the architecture of the application on a firm footing.

How does a TRA workshop work?

Ideally, a TRA workshop is accompanied by a moderator and a security expert. Limes Security is ready to assist development teams if they want to find such an expert. In the medium term, however, at least one such expert should be located in each organizational unit of the company.
Everyone who comes into contact with the respective product or solution should take part in the workshop: from product managers, developers and architects to testers and service staff. The mix is important in order to introduce the different perspectives on the product or IT solution: service staff, for example, contribute important practical experience. Guided by the security expert, the participants put themselves in the role of the attacker and ask themselves questions such as: “How can functions, interfaces or other aspects of the software be misused?” This process, often referred to as threat modeling, becomes more valuable the more different experts take part – every new perspective helps to discover and eliminate previously unknown types of attack.

Limes Security recommends

If you are working on a new module, developing new software or designing a special solution for your company, involve the security specialists from Limes Security. Call us today to arrange a non-binding meeting!

The first Embedded Systems Security Days in November

The Embedded Systems Security Days will take place for the first time in Vienna from 6 to 8 November 2019. Together with Alpha Strike Labs, Limes Security has managed to put together a top-class programme.
How can security vulnerabilities be avoided right from the start? What threats do I have to face to protect my system? What security measures do I need to take? These questions will be answered over three days by real specialists.

The training contents:

Day 1: “Secure software development with IEC 62443-4-1” with trainer Peter Panholzer
Day 2: “Threat Modeling Basics” with Threat Modeling Guru Adam Shostack – also known as “the guy who wrote the book” (Threat Modeling: Designing for Security) – Unique opportunity in Europe!
Day 3: “Threat Modeling Deep Dive” with Adam Shostack

In addition to professional training, the “Embedded Systems Security Days” also focus on networking. There will be opportunities to exchange ideas and an extensive range of networking events, such as the ICS cyber security simulation game “Zero Downtime” and a joint visit to the ITSecX conference.

EARLY BIRD OFFER (valid until August 8):

All-inclusive package with catering and evening programme 2.699,- Euro.
All other offers and the programme in detail can be found under:
Embedded Systems Security Days