Application Threat Modeling in Agile

Application
Threat Modeling

Threat modeling is a structured approach that enables you to identify, quantify and address the security risks associated with an application. Threat Modeling provides product teams with an exhaustive array of security threats scenarios and attack possibilities which can be used as a valuable guidepost for subsequent penetration tests and product iterations

The we45 difference

Generic test cases fail to account for vulnerabilities specific to the design and functionality of the application under review. we45’s application threat modeling service helps security teams identify and prioritise critical data/workflows in an application by drawing on user and abuser stories to capture threats comprehensively.

We wrote the book on Threat Modeling in Agile

At we45, we believe that threat models are the playbooks of product security engineering. Threat Modeling should therefore be integrated with the Software Development Lifecycle (SDLC) and performed iteratively for every product release. To account for new feature development, changes to architecture and other dynamic modifications to produce actionable outputs that can be acted upon by various teams within an organization.

Our way of capturing Threat Models-as-Code was presented at AppSecDay, Melbourne

We talked about how to best integrate Threat Modeling to your SDLC at SANS Denver

Open Source Framework - Threat Playbook

Our open source project - Threat Playbook allows product teams to capture User Stories, Abuse Stories, Threat Models and Security Test Cases in YAML Files with the help of Test Automation Frameworks. In addition to facilitating the capture of Threat Models as code, Threat playbook helps product teams trigger security test cases playing the role of a unified DevSecOps framework.

Threat Playbook was showcased at OWASP Seasides 2019, Goa

Threat Playbook was showcased at Black Hat Arsenal

Quality Backed By Experience

Having worked on hundreds of application security engagements, across different industry verticals, our security experts bring their leading-edge skills to your application's Threat Modeling. Our world renowned Training programs impart a practical understanding of performing Threat Modeling in agile environments.

15+ Threat Modeling training classes delivered in the past year

Get in touch with the experts today

Additional Resources

Abuser Stories – A Sneak Peek For Scrum Teams

Simply put, an Abuser Story is a simple description of how the User Story (Feature) can be abused by a malicious actor. They are a useful way to integrate security into your Scrum/Agile Team.

Open Source Project: Threat Playbook

Perform Iterative Threat Modeling in an Agile Environment with Threat Playbook, we45’s open source framework, that allows product teams to capture user stories, abuser stories, threat models and security test cases in YAML files.

Download

Training : Threat Modeling in Agile

Threat Modeling is considered an essential activity in the modern Software Development Life-cycle. It helps in identifying threats and possible vulnerabilities early.