Agile was one of the most important innovations in product development methodology when it became popular in the early 2000s. Iterative development is an important piece of the modern AppSec puzzle, and it’s becoming increasingly valuable to take the time to understand the security needs of your apps. This course is a deep dive into everything you need to know about how to build an effective Threat Model in Agile.
We’ll begin this program with a broad overview of security in Agile, and the biggest challenges you’ll face. You’ll learn how to design an iterative, collaborative Threat Model using various threat scenarios and abuser stories. You’ll also understand exactly how your Agile Threat Model applies to the software development lifecycle. Finally, we’ll show you how to do Agile Threat Modeling with our very own Threat Playbook.
This course is designed specifically to help you understand how these processes work in real-world development scenarios, which is why we use story-driven Threat Modeling. Our material is backed by years of security testing experience, knowledge, and original research across our entire team. At the end of the course, you’ll be able to directly implement what you’ve learnt in a modern product engineering environment.
Story-Driven Threat Model — Write Abuser Stories
Write Threat Scenarios for Our Case Study
Create Mitigation Models for our Case Study
Agile Concept Overview and Implementation
Pitfalls and Challenges
Opportunities for Security in Agile
DevSecOps Implementation as an extension to Agile Security
How Threat Modeling is the glue of Agile Security
Use of Threat Modeling Outputs for the entire SDLC
Approach to Iterative, Feature-Driven Threat Modeling
Story: Abuser Stories
Story: Threat Scenarios
Story: Test Cases
Using Threat Modeling => Development Process and Checks
Incorporate Threat Modeling Outputs into Static Checks and Checklists
Incorporate Threat Modeling Outputs into Penetration Testing and Red-Teaming
Incorporate Threat Modeling Outputs in Incident Response
Generating “Threat Models as Code”
Threat Model Process Flow Diagrams with MermaidJS and Robot Framework
Documenting Security Test Cases for Threat Models