OWASP 2024 Global AppSec San Francisco

The safeguarding of personal data in modern digital systems can no longer be an afterthought. It must be a consideration from the beginning. It is imperative that the preservation of privacy be a principal objective, and privacy safeguards must be by design.


LINDDUN, an acronym for Linking, Identifying, Non-repudiation, Detecting, Data Disclosure, Unawareness, and Non-compliance, encapsulates the core privacy threats that are prevalent in modern software systems. The LINDDUN privacy threat modeling framework supports privacy engineering by providing a structured approach to identifying, analyzing and mitigating threats to privacy in software systems, enabling the inclusion of privacy safeguards as an inherent part of software design and architecture.


In this presentation we will illustrate how adopting LINDDUN can uncover privacy risks and enable privacy by design. We will navigate through the threat modeling process, applying the LINDDUN framework to a fictional application to demonstrate how LINDDUN serves as a critical tool in identifying and analyzing privacy risks. Whether you’re a seasoned professional or new to the field, this presentation will equip you with the foundational knowledge to effectively implement privacy threat modeling with LINDDUN and elevate your privacy engineering efforts to new heights.