(Ab)user Experience: The Dark side of Product and Security - L. Potter, J. Watkins NDC Security 2025

This talk was recorded at NDC Security in Oslo, Norway. #ndcsecurity #ndcconferences #security #developer #softwaredeveloper Attend the next NDC conference near you: https://ndcconferences.com https://ndc-security.com/ Subscribe to our YouTube channel and learn every day: @NDC Follow our Social Media! https://www.facebook.com/ndcconferences https://twitter.com/NDC_Conferences https://www.instagram.com/ndc_conferences Security can often feel like an unapproachable and mysterious part of an organisation – the department of work prevention, the department of “nope.” But it doesn’t have to be that way. In this talk we will look at the unintended users of a product, the “threat agents”. By engaging the Security team in the Product process, we can model the dark side of use cases and user stories through threat modelling techniques. This can help demystify impenetrable security NFRs through concrete examples of how these threat agents may try to misuse your shiny new digital product. Who this event will benefit Those building products/apps exposed to the web People who are wanting to build out an awareness of the possible attack vector use cases (i.e. how might you be attacked) People who need to write that down as a set of requirements to help build a DevSecOps approach in projects