Threat modeling plays a vital role in SAP’s secure software development life cycle and shifting security left. Here at SAP, different lines of business and teams adopt various approaches while playing devil’s advocate and identifying threats in the architecture during the design phase. At SAP Customer Experience, we have been conducting numerous threat modeling exercises over the years, across all CX product lines. In this talk, we'll see how to use threat modeling to find the worst vulnerabilities hidden in the complexity of our systems by uncovering architectural flaws early, exposing attack surfaces and identifying attack vectors. Join this session to hear firsthand stories, learn the process of conducting workshops, hear about the challenges faced and do's and dont's and best practices from our experiences.

Key Takeaways:

• Be better prepared to use threat modeling and risk analysis to customize your own security strategy.
• Create a richer, more sophisticated threat model that reduces risk and keeps your data and users safer.
• Uncover new vulnerabilities that weren't obvious or that may have been laying dormant.