Why threat modeling
There are a number of classical frameworks implementing shift-left testing, such as OWASP, SAMM, or Microsoft SDL, and others. Still, we believe threat modeling to be one of the most practically useful and efficient solutions for Agile teams.
That’s why at Iterasec, we offer unique threat modeling to help them:
- kick-start threat modeling
- mitigate the identified risks
- educate them on supporting this process on their own
You’re welcome to read this article to learn about the different threat modeling methodologies we use.
How it works
We start with a kick-off meeting, followed by or combined with a threat modeling workshop. An experienced threat modeling expert from Iterasec participates in every stage, supporting and guiding the team.
1. The kick-off meeting
- Members of the architecture and dev team
- Iterasec expert
- To explain threat modeling concepts and implementation options.
- To ask questions about the agile process and your product.
- To come up with the most efficient threat modeling process for your team.
2. Threat modeling workshop
- Key members of the team working on the functionality
- Iterasec expert
- To brainstorm on the possible threats.
- To estimate possible risk levels.
- To decide which security requirements or controls to apply.
Benefits
So, why threat modeling? The answer is simple: it allows making rational security decisions, resulting in a secure and trustworthy product. Moreover, threat modeling ensures:
- Fewer security issues by design and, as a result, saved costs on potential critical security issues
- Immediate understanding of your product security posture and relevant threats
- Boosted security awareness of your team
In other words, threat modeling is a critical component of the security development process.