Threat Modeling Python Web Apps Written With Flask And Django Jared M. Smith @jaredthecoder PyGotham 2017 About Me • From Knoxville, TN • Cyber Security Researcher and Project Lead at Oak Ridge National Laboratory • CS PhD Student at the University of Tennessee, Knoxville • Guest Teacher at Treehouse • Avid hiker and camper @jaredthecoder | PyGotham 2017 Threat Modeling Know your apps @jaredthecoder | PyGotham 2017 @jaredthecoder | PyGotham 2017 1. Identify Assets @jaredthecoder | PyGotham 2017 2. Understand the application @jaredthecoder | PyGotham 2017 https://www.spaceotechnologies.com/app-outsourcing-guide/the-app-concept/ @jaredthecoder | PyGotham 2017 https://msdn.microsoft.com/en-us/library/ee658099.aspx @jaredthecoder | PyGotham 2017 Understanding the Application You should know about: • Trust boundaries • @jaredthecoder | PyGotham 2017 Understanding the Application @jaredthecoder | PyGotham 2017