Teaching software security with threat modeling: conference workshop

Security attacks are changing their target from the network to the application, where an estimated 75% of attacks take place according to Gartner[1]. Increased pressure from customers and government regulations like HIPAA and Sarbanes-Oxley are pushing businesses to address security issues in software development. While all developers do not need to be security experts, they do need a certain level of security awareness. To achieve this goal, students need to be made aware of security issues when developing any large project in class.