Threat Modeling

The we45 difference

Generic test cases fail to account for vulnerabilities specific to the design and functionality of the application under review. we45’s application threat modeling service helps security teams identify and prioritise critical data/workflows in an application by drawing on user and abuser stories to capture threats comprehensively.

We wrote the book on Threat Modeling in Agile

At we45, we believe that threat models are the playbooks of product security engineering. Threat Modeling should therefore be integrated with the Software Development Lifecycle (SDLC) and performed iteratively for every product release. To account for new feature development, changes to architecture and other dynamic modifications to produce actionable outputs that can be acted upon by various teams within an organization. 

we45 at AppSecDay Melbourne
Our way of capturing Threat Models-as-Code was presented at AppSecDay, Melbourne
We talked about how to best integrate Threat Modeling to your SDLC at SANS Denver
Open Source Framework - Threat Playbook

Our open source project - Threat Playbook allows product teams to capture User Stories, Abuse Stories, Threat Models and Security Test Cases in YAML Files with the help of Test Automation Frameworks. In addition to facilitating the capture of Threat Models as code, Threat playbook helps product teams trigger security test cases playing the role of a unified DevSecOps framework.

we45's Threat Playbook at OWASP Seasides, Goa
Threat Playbook was showcased at OWASP Seasides 2019, Goa
we45's Threat Playbook at Black Hat USA 2018
Threat Playbook was showcased at Black Hat Arsenal
Quality Backed By Experience

Having worked on hundreds of application security engagements, across different industry verticals, our security experts bring their leading-edge skills to your application's Threat Modeling. Our world renowned Training programs impart a practical understanding of performing Threat Modeling in agile environments.

we45's Threat Modeling training
15+ Threat Modeling training classes delivered in the past year

Get in touch with the experts today

Additional Resources

Abuser Stories – A Sneak Peek For Scrum Teams

Simply put, an Abuser Story is a simple description of how the User Story (Feature) can be abused by a malicious actor. They are a useful way to integrate security into your Scrum/Agile Team.

Read More

Open Source Project: Threat Playbook

Perform Iterative Threat Modeling in an Agile Environment with Threat Playbook, we45’s open source framework, that allows product teams to capture user stories, abuser stories, threat models and security test cases in YAML files.


Training : Threat Modeling in Agile

Threat Modeling is considered an essential activity in the modern Software Development Life-cycle. It helps in identifying threats and possible vulnerabilities early.

Read More