Affiliation:
1. SINTEF Digital, Norway
Abstract
Threat modeling is a way to get an overview of possible attacks against your systems. The advantages of threat modeling include tackling security problems early, improved risk assessments, and more effective security testing. There will always be limited resources available for security, and threat modeling will allow you to focus on the most important areas first. There is no one single “correct” way of doing threat modeling, and “agile” is no excuse for not doing it. This chapter describes the authors' experiences with doing threat modeling with agile development organizations, outlining challenges to be faced and pitfalls to be avoided.
Reference20 articles.
1. Assal, H., & Chiasson, S. (2018). Security in the software development lifecycle. In Fourteenth symposium on usable privacy and security (SOUPS 2018) (pp. 281-296). Academic Press.
2. Agile Team Members Perceptions on Non-functional Testing: Influencing Factors from an Empirical Study
3. Conklin, L. (2014). CRV2 AppThreatModeling. Retrieved from https://www.owasp.org/index.php/CRV2AppThreatModeling
4. Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects.;D. S.Cruzes;Proceedings of the 25th Australasian Software Engineering Conference (ASWEC),2018
5. Principles of canonical action research
Cited by
5 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献