DevSecOps

In this section

Related articles

Threat Intelligence Lifecycle | Phases & Best Practices Explained Continuous security within DevSecOps Shift Left Security: Best Practices for Getting Started 3 Steps to Get Started with Shift Left Testing A deep dive into cyber threat intelligence How Does Threat Modeling Fit Into the Fast World of DevSecOps?Understanding Security Automation Key Components of the DevOps Pipeline 5 DevOps pipeline best practices Top 10 DevOps Tools DevOps Security best practices Infrastructure as Code in a DevSecOps World How to Detect and Prevent Configuration Drift

User Story Threat Modeling: It’s the DevSecOps Way

The Impact of DevSecOps Quantified How to Implement a DevSecOps Culture in a Large Enterprise - People, Processes, Tools

Want to try it for yourself?

User Story Threat Modeling: It’s the DevSecOps Way

0 mins read

| Talk |

Alyssa Miller, Application Security Advocate, Snyk

Threat modeling is one of those security practices that is most often left out of the DevOps pipeline. Yet according to the Puppet 2019 State of DevOps Report, while not as often practiced in a DevOps Pipeline, collaborative threat modeling can have the most significant impact on security posture. So how bring the typically labor-intensive methodology of threat modeling into a practice that doesn't break our DevSecOps pipeline?

In this session, we'll discuss a user story-based approach for threat modeling that was developed by asking the question, why do we threat model in the first place?

The methodology presented focuses on continuous improvement by eliminating time-consuming frameworks, limiting the scope, and providing valuable information that makes incorporating and validating security controls easier throughout the delivery pipeline. We'll even walk through a practical application of this methodology to show how it drives greater collaboration among various teams to make the ideals of DevSecOps culture a reality.

Curious for more? Learn why Snyk is loved by both developers and security teams and how you can secure your Cloud Native Application Stack.

Up Next

The Impact of DevSecOps Quantified

This talk is a presentation of research that quantifies the impact that various DevSecOps software security practices have on security risk outcomes.

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start free Book a live demo

Product

Developer Security Platform Snyk Code (SAST)Snyk Open Source (SCA)Snyk Container Snyk Infrastructure as Code Cloud security Software supply chain security Pricing Deployment options Integrations IDE plugins What is Snyk?Snyk CLI

Resources

Documentation Snyk API Docs API status Disclosed vulnerabilities Support portal & FAQ’s Blog Security fundamentals Resources for security leaders Snyk Learn Vulnerability Database Snyk OSS Advisor Code snippets Videos

Company

About Customers Careers Events Snyk Impact Snyk for government Press kit Security & trust Legal terms Privacy For California residents: Do not sell my personal information

Connect

Book a live demo Contact us Support Report a new vuln

Security

JavaScript security Container Security Kubernetes Security Application Security Open Source Security Cloud Security Secure SDLC Cloud Native Security Secure coding Python Code Examples JavaScript Code Examples Code Checker Python JavaScript Website Scanner