Attack Trees - A different approach to doing security


Methodologies & Tools

Date and time

Wednesday, 09. May 2018., 11:20


Hall C



“Is our system secure?” No, it’s not. There’s no absolutely secure system. Apps get broken all the time, often in ways its designers never even imagined. Attacks thought to be beyond the ability of mortal men yesterday become common thing today. So the term "security" doesn't have any real meaning unless we can answer questions like "Secure from whom?" or "Secure for how long?"But in order to answer all these questions, we need an efficient and understandable way to model threats against our system. Enter attack trees.Attack trees provide us with a new way of understanding how our system might be attacked and how to prioritise security measures to be implemented. It also makes it easy for product managers and technical people to have a conversation about the prioritisation of security features, and to understand whether a new feature will affect the security of the system. Finally, attack trees are designed to ensure that the whole team has visibility and even ownership of the security process for the product..In this session we’ll learn how to approach our system in a new way, how to think like an attacker, how to document, evaluate and rate the threats, and how to communicate them effectively to the whole team.

Lecture details

Type: Lecture
Level of difficulty: General
Experience Level: No experience
Desirable listeners function: All
Group of activity: Methodologies & Tools

About speaker

Like us on Facebook

We post news, photos and other interesting facts on official JavaCro Facebook Page.

Follow us on Twitter

Keep up to date with all the news on Twitter!


The conference is organized by the Croatian Association of Oracle users & Croatian Java Users Association. 

Glavni pokrovitelj


Media Sponsors