User Story Threat Modeling: It's the DevSecOps Way
| Talk |
Alyssa Miller, Application Security Advocate, Snyk
Threat modeling is one of the security practices most often left out of the DevOps pipeline. Yet according to the Puppet 2019 State of DevOps Report, collaborative threat modeling, while not as often practiced in a DevOps pipeline, can have the most significant impact on security posture. So how do we bring the typically labor-intensive methodology of threat modeling into a practice that doesn’t break our DevSecOps pipeline?
In this session, we’ll discuss a user story-based approach for threat modeling that was developed by asking the question: why do we threat model in the first place? The methodology presented focuses on continuous improvement by eliminating time-consuming frameworks, limiting the scope, and providing valuable information that makes incorporating and validating security controls easier throughout the delivery pipeline. We’ll even walk through a practical application of this methodology to show how it drives greater collaboration among various teams to make the ideals of DevSecOps culture a reality.