×

Remote Training (Dec 7-8) : DevSecOps Masterclass 2020 Discoverer Edition Register Now

Application
Threat Modeling

The we45 difference

Generic test cases fail to account for vulnerabilities specific to the design and functionality of the application under review. we45’s application threat modeling service helps security teams identify and prioritise critical data/workflows in an application by drawing on user and abuser stories to capture threats comprehensively.

We wrote the book on Threat Modeling in Agile

At we45, we believe that threat models are the playbooks of product security engineering. Threat Modeling should therefore be integrated with the Software Development Lifecycle (SDLC) and performed iteratively for every product release. To account for new feature development, changes to architecture and other dynamic modifications to produce actionable outputs that can be acted upon by various teams within an organization. 

we45 at AppSecDay Melbourne
Our way of capturing Threat Models-as-Code was presented at AppSecDay, Melbourne
site-logo-2
We talked about how to best integrate Threat Modeling to your SDLC at SANS Denver
Open Source Framework - Threat Playbook

Our open source project - Threat Playbook allows product teams to capture User Stories, Abuse Stories, Threat Models and Security Test Cases in YAML Files with the help of Test Automation Frameworks. In addition to facilitating the capture of Threat Models as code, Threat playbook helps product teams trigger security test cases playing the role of a unified DevSecOps framework.

we45's Threat Playbook at OWASP Seasides, Goa
Threat Playbook was showcased at OWASP Seasides 2019, Goa
we45's Threat Playbook at Black Hat USA 2018
Threat Playbook was showcased at Black Hat Arsenal
Quality Backed By Experience

Having worked on hundreds of application security engagements, across different industry verticals, our security experts bring their leading-edge skills to your application's Threat Modeling. Our world renowned Training programs impart a practical understanding of performing Threat Modeling in agile environments.

we45's Threat Modeling training
15+ Threat Modeling training classes delivered in the past year

Get in touch with the experts today


    ConferenceSocial MediaNews/ BlogGoogle/SearchTalked to a Sales RepOther

    By checking this box you agree to receive communication on we45's events, product or solution offerings by email to your contact information.

    You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

    By clicking submit below, you consent to allow we45 to store and process your personal data to provide you the requested information.

    Additional Resources

    Abuser Stories – A Sneak Peek For Scrum Teams

    Simply put, an Abuser Story is a simple description of how the User Story (Feature) can be abused by a malicious actor. They are a useful way to integrate security into your Scrum/Agile Team.

    Read More

    Open Source Project: Threat Playbook

    Perform Iterative Threat Modeling in an Agile Environment with Threat Playbook, we45’s open source framework, that allows product teams to capture user stories, abuser stories, threat models and security test cases in YAML files.

    Download

    Training : Threat Modeling in Agile

    Threat Modeling is considered an essential activity in the modern Software Development Life-cycle. It helps in identifying threats and possible vulnerabilities early.

    Read More
    we45