Shift-Left Security: The Basics of Threat Modeling
The basics of the trendy shift-left security approach, focusing specifically on one extremely useful practice: threat modeling.
There are a number of classical frameworks implementing shift-left testing, such as OWASP, SAMM, Microsoft SDL, and others. Still, we believe threat modeling to be one of the most practically useful and efficient solutions for Agile teams to kick off a secure development program.
Threat modeling provides an affordable way for teams to understand the following:
That’s why at Iterasec, we offer a unique threat modeling approach to help dev teams:
We start with a kick-off training, followed by a threat modeling workshop. An experienced threat modeling expert from Iterasec participates in every stage, supporting and guiding the team.
1. The kick-off training
2. Threat modeling workshop
Typically, after the initial training and several threat modeling workshops, the team can support this process on its own without involving us anymore.
So, why threat modeling? The answer is simple: it allows teams to make rational security decisions, resulting in a secure and trustworthy product. Moreover, threat modeling ensures:
Fewer security issues by design and, as a result, saved costs on potential critical security issues
Immediate understanding of your product security posture and relevant threats
Boosted security awareness of your team
In other words, threat modeling is a critical component of the security development process.