Secure by Design With Agile Threat Modelling
Threat modelling is an essential part of building secure systems. The United States’ Executive Order 14028 to improve the nation’s cybersecurity mandates threat modeling as part of the minimum standard for verification. OWASP’s Top 10:2021 puts Insecure Design at number 4 of the top 10 risks to businesses.
To scale threat modelling to cover your whole organisation you must put the capability into the hands of of your product development teams. Agile threat modelling provides a focus for your teams to think critically about their system’s design and how it could be attacked. It’s performed as part of the usual cadence of agile delivery, and the output is actionable work on the team’s backlog.
Threat modelling essentially attempts to answer four, simple questions:
- What are we working on?
- What could go wrong?
- What are we going to do about it?
- Did we do a good job?
And in this session, one of our expert practitioners will guide your team through the process of answering them. We’ll utilise a gamified, structured framework for threat modelling, either OWASP Cornucopia or Elevation of Privilege to provide focus for the team and help you capture the security work arising as actionable backlog items.
Product development teams. The session focuses on a single product or service and requires people with hands-on, technical knowledge of its implementation. Non-technical team members and product decision makers are encouraged to participate to bring the full product view to the session.
Knowledge of the system being threat modelled and the technology ecosystem it is a part of.
- Secure Product
- Secure Engineering
- 3-6 players
- Up to 6 observers
It was an entertaining session that generated a lot of good discussions. The game is straightforward and it allowed for newcomers to participate as much as some of the team's veterans. Would definitely plan to do it again. The facilitator is very important as well, as he gives insights on what alternative solutions are out there.
I really want to play this game, but I also think the game master was imperative to the fun-factor, but also because he kept us progressing.
It was a really good and alternative way to talk about the security part of the product. It also helped that everyone got a chance to talk instead of the usual 3-4 people.
Fun - which surprised me because I thought security stuff was boring