Generic test cases fail to account for vulnerabilities specific to the design and functionality of the application under review. we45’s application threat modeling service helps security teams identify and prioritise critical data/workflows in an application by drawing on user and abuser stories to capture threats comprehensively.
At we45, we believe that threat models are the playbooks of product security engineering. Threat Modeling should therefore be integrated with the Software Development Lifecycle (SDLC) and performed iteratively for every product release. To account for new feature development, changes to architecture and other dynamic modifications to produce actionable outputs that can be acted upon by various teams within an organization.
Our open source project - Threat Playbook allows product teams to capture User Stories, Abuse Stories, Threat Models and Security Test Cases in YAML Files with the help of Test Automation Frameworks. In addition to facilitating the capture of Threat Models as code, Threat playbook helps product teams trigger security test cases playing the role of a unified DevSecOps framework.
Having worked on hundreds of application security engagements, across different industry verticals, our security experts bring their leading-edge skills to your application's Threat Modeling. Our world renowned Training programs impart a practical understanding of performing Threat Modeling in agile environments.
Simply put, an Abuser Story is a simple description of how the User Story (Feature) can be abused by a malicious actor. They are a useful way to integrate security into your Scrum/Agile Team.
Perform Iterative Threat Modeling in an Agile Environment with Threat Playbook, we45's open source framework, that allows product teams to capture user stories, abuser stories, threat models and security test cases in YAML files.
Threat Modeling is considered an essential activity in the modern Software Development Life-cycle. It helps in identifying threats and possible vulnerabilities early.