Aaron Bedra talks to me about threat modeling, why you should do it, and what to cover.
Who he is, what he does. What is threat modeling and how he approaches it. Types of security, loss of money, loss of life. Should you secure something if it is not valuable? Are we in a post-security world? How often your site is attacked. How to decide what to protect. Regulations and breaches. How to protect your system, watch for outgoing data. How to build secure software from the start (it starts with a hug from Aaron!). Hashed passwords are not as secure as you think. Encryption and input validation. How to check third-party libraries. Better software practices lead to better security. How much security is enough, "if you are investing more than you could lose, you're doing it wrong".