Threat Modeling and Incident Response in OpenSSL-Based Systems
OpenSSL is everywhere, powering secure communication in the systems we rely on
daily. However, that reach also makes it a prime target for attackers. In this
session, we will walk through how to use threat modeling, with a focus on
STRIDE and attack trees, to uncover weak spots and vulnerabilities in OpenSSL-based systems before
attackers do. We will look at where vulnerabilities tend to creep in, from
unsafe defaults and risky configurations to flawed assumptions in system
design. I will also share what a solid incident response plan looks like when
cryptographic components are involved, especially under standards like FIPS
140-3. Whether you are writing code, securing infrastructure, or preparing for
the next zero-day, you will leave with practical strategies to reduce risk and
respond more effectively when something breaks.
Technical Deep Dive & Innovation
Belvedere II / Community, Contribution & the Future