LEARNING PATH: Threat Modeling

Agile Threat Modelling

Agile was one of the most important innovations in product development methodology when it became popular in the early 2000s. Iterative development is an important piece of the modern AppSec puzzle, and it’s becoming increasingly valuable to take the time to understand the security needs of your apps. This course is a deep dive into everything you need to know about how to build an effective Threat Model in Agile.

We’ll begin this program with a broad overview of security in Agile, and the biggest challenges you’ll face. You’ll learn how to design an iterative, collaborative Threat Model using various threat scenarios and abuser stories. You’ll also understand exactly how your Agile Threat Model applies to the software development lifecycle. Finally, we’ll show you how to do Agile Threat Modelling with our very own Threat Playbook.

This course is designed specifically to help you understand how these processes work in real-world development scenarios, which is why we use story-driven Threat Modelling. Our material is backed by years of security testing experience, knowledge, and original research across our entire team. At the end of the course, you’ll be able to directly implement what you’ve learnt in a modern product engineering environment.

Proficiency Intermediate
Audience DevSecOps
Lessons 7
Cloud Labs 2
  • Gentle introduction to Security in Agile

    Agile Concept Overview and Implementation

  • A Realistic picture of Agile Security Implementations
    • Pitfalls and Challenges
    • Opportunities for Security in Agile
  • Security in DevOps

    DevSecOps Implementation as an extension to Agile Security

  • Need for Security in Agile Development Teams
    • How Threat Modeling is the glue of Agile Security
    • Use of Threat Modeling Outputs for the entire SDLC
  • Agile Threat Modeling = Requirements and Design Stage
    • Approach to Iterative, Feature-Driven Threat Modeling
      • Collaborative Threat Modeling exercise
      • Elevation of Privilege Card Game for UserStory/Feature
  • Story-Driven Threat Modeling
    • Story => Abuser Stories
      • Write Abuser Stories for User Stories
    • Story => Threat Scenarios
      • Write Threat Scenarios for Abuser Stories and User Stories
    • Story => Test Cases
      • Write Acceptance Tests/Refutation Criteria
  • Agile Threat Modeling => Apply to Rest of SDLC
    • Using Threat Modeling => Development Process and Checks
    • Incorporate Threat Modeling Outputs to Static Checks and Checklists
    • Incorporate Threat Modeling Outputs to Penetration Testing and Red-Teaming:
      • Pre-Deployment Security Checks
      • Post-Deployment Security Checks
    • Incorporate Threat Modeling Outputs in Incident Response
  • Agile Threat Modeling with ThreatPlaybook
    • Generating “Threat Models as Code”
    • Threat Model Process Flow Diagrams with MermaidJS and Robot Framework
    • Documenting Security Test Cases for Threat Models
  • Story-Driven Threat Model — Write Abuser Stories
  • Write Threat Scenarios for Our Case Study