What is security threat modeling?
Security threat modeling, or threat modeling, is a methodology for locating and documenting risks, prioritizing them, and deriving action plans to mitigate them.
It is an iterative process in which the applications of digital products and their related infrastructure are decomposed to identify, for example, entry points, components, data flows, privilege boundaries and, finally, the related risks and vulnerabilities.
Threat models need to follow the agile product development principles and not vice versa.
APPROACH – HOW WE DO IT
Agile Security Threat Modeling
While different threat modeling approaches have evolved since the 1990s, most of them were not created with agility in mind. But threat modeling needs to be part of agile software development processes.
The Alice&Bob.Company approach covers two phases:
Phase 1 We perform a threat modeling workshop in collaboration with the product team. This familiarizes the team with the ideas and procedures. We will together determine
The workshop can be done either in a face-to-face session or remotely.
Phase 2 We introduce how Agile Threat Modeling can become part of a DevSecOps approach and your agile product development procedures. To that end, we focus on integrating the results of phase 1 into your existing individual agile structures.
Main advantages of performing a Threat Modeling Workshop with A&B:
Get a detailed overview of your cloud architecture, with identified vulnerabilities and misconfigurations. You will also receive clearly defined steps to fix and improve your overall security posture.