For cloud-native applications, the combination of new technologies and architectural elements has introduced questions about how to scope, plan, and execute security assessments. This presentation looks at how the assessment landscape has changed with the introduction of cloud-native applications and explores how threat modeling is central to testing their security. In addition, the “Four C’s” conceptual model for looking at cloud-native application security is introduced, including a discussion of how both automated and manual testing methodologies can be used to accomplish assessment goals.
A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group’s industry-leading application security program management platform. Cornell is a sought-after speaker on topics of web application security, speaking at international conferences including the RSA Security Conference, OWASP AppSec USA and EU, and Black Hat Arsenal. He has also appeared as a guest speaker at institutions such as the Los Alamos National Laboratory. He has published papers on topics ranging from data security to high-end graphical simulations, as well as an IBM Redbook on building server-side Java applications for the Linux platform. He is a recognized expert in the area of web application security for SearchSoftwareQuality.com and has been quoted as an expert in SC Magazine, Network World, CSO Magazine, Dark Reading and many more.