What is Shift Left Security? Comprehensive guide
Basics of the trendy shift-left security approach and specifically focusing on one extremely useful practise – threat modeling.
Threat modeling for agile teams
Threat modeling is an affordable and practical way to find security issues and risks early in the shift-left software development paradigm.
Get a training
Why threat modeling
There are a number of classical frameworks for secure software development, such as OWASP, SAMM, or Microsoft SDL, and others. Still, we believe threat modeling to be one of the most practically useful and efficient solutions for Agile teams to kick-off a secure development program.
Threat modeling enables teams to get the following overview:
- Assets the team has to protect
- Which threats / what can go wrong with these assets
- How to protect those assets and mitigate threats
Immidiate benefits of threat modeling:
1
A cheaper and faster way to discover security issues early
2
Raise team’s security awareness
3
Better security design and balance
How it works
We start with a kick-off training, followed by a threat modeling workshop. An experienced threat modeling expert from Iterasec is participating in every stage, supporting and guiding the team.
1. The kick-off meeting
Participants
- The whole dev team
- Iterasec expers
Goals
- To explain threat modeling concepts and train the team on some examples
- To ask questions about the agile process and your product
- To come up with the most efficient threat modeling process for your team
2. Threat modeling workshop
Participants
- Team working on the functionality/epic/product to be covered by threat modeling
- Iterasec expers
Goals
- To brainstorm on the possible threats
- To estimate possible risk levels
- To decide which security requirements or controls to apply
Typically, after the initial training and several threat modeling workshops, the team can support this process on its own without involving us anymore.
Free threat modeling training
Got interested in threat modeling? We are happy to offer a free 1-hour introductory threat modeling training for your team.
Benefits of threat modeling
So, why threat modeling? The answer is simple: it allows making rational security decisions, resulting in a secure and trustworthy product. Moreover, threat modeling ensures:
Fewer security issues by design and, as a result, saved costs on potential critical security issues
Immediate understanding of your product security posture and relevant threats
Boosted security awareness of your team
In other words, threat modeling is a critical component of the security development process.
Related materials
Contacts
Please tell us what are you looking for and we will happily support you in that.
Feel free to use our contact form or contact us directly.