Why threat modeling

There are a number of classical frameworks implementing shift-left testing, such as OWASP, SAMM, Microsoft SDL, and others. Still, we believe threat modeling to be one of the most practically useful and efficient ways for Agile teams to kick off a secure development program.

Threat modeling provides an affordable way for teams to understand the following:

  • Assets the team has to protect
  • Which threats / what can go wrong with these assets
  • How to protect those assets and mitigate threats

That’s why at Iterasec, we offer a unique threat modeling approach to help dev teams:

  • kick-start threat modeling
  • mitigate the identified risks
  • learn to support this process on their own

How it works

We start with a kick-off training, followed by a threat modeling workshop. An experienced threat modeling expert from Iterasec participates in every stage, supporting and guiding the team.

1. The kick-off training

Participants
  • The whole dev team
  • Iterasec expert
Goals
  • To explain threat modeling concepts and train the team on some examples
  • To ask questions about the agile process and your product
  • To come up with the most efficient threat modeling process for your team

2. Threat modeling workshop

Participants
  • Team working on the functionality/epic/product to be covered by threat modeling
  • Iterasec expert
Goals
  • To brainstorm on the possible threats
  • To estimate possible risk levels
  • To decide which security requirements or controls to apply

Typically, after the initial training and several threat modeling workshops, the team can support this process on its own without involving us anymore.

Benefits

So, why threat modeling? The answer is simple: it enables rational security decisions, resulting in a secure and trustworthy product. Moreover, threat modeling ensures:

  • Fewer security issues by design and, as a result, saved costs on potential critical security issues
  • Immediate understanding of your product security posture and relevant threats
  • Boosted security awareness of your team

In other words, threat modeling is a critical component of the security development process.
