User Story Threat Modeling: It’s the DevSecOps Way


Alyssa Miller, Application Security Advocate, Snyk

Threat modeling is one of the security practices most often left out of the DevOps pipeline. Yet according to the Puppet 2019 State of DevOps Report, collaborative threat modeling, while not as often practiced in a DevOps pipeline, can have the most significant impact on security posture. So how do we bring the typically labor-intensive methodology of threat modeling into a practice that doesn't break our DevSecOps pipeline?

In this session, we'll discuss a user story-based approach for threat modeling that was developed by asking the question, why do we threat model in the first place?

The methodology presented focuses on continuous improvement by eliminating time-consuming frameworks, limiting the scope, and providing valuable information that makes incorporating and validating security controls easier throughout the delivery pipeline. We'll even walk through a practical application of this methodology to show how it drives greater collaboration among various teams to make the ideals of DevSecOps culture a reality.


© 2024 Snyk Limited