Agile Security Threat Modeling
In Agile / XP / DevOps development environments, many organizations ignore or give low priority to security testing until security bugs are identified by a hacker or a professional security expert. My aim is to shed light on the “Agile Security Threat Model”, which helps teams move fast on security testing at an early stage of development; this saves money spent on security testing later and helps build a safe application for the end users.
Step 1: Identify the known threats in the system (infrastructure / entry points / endpoints).
Investigate your DFDs, UML diagrams, entry points, APIs and privilege boundaries. A privilege boundary separates processes, entities, nodes and other elements that have different trust levels.
Step 2: Rank / categorize the threats in order of decreasing risk.
Rank / categorize your security bugs by threat type – Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege.
Step 3: Understand and develop a response strategy.
Build your response strategy – improve the code / programming, and improve the security of the infrastructure / entry points / endpoints.
Step 4: Identify and implement techniques to mitigate the threats.
Implement solutions – secure coding / programming standards, and security standards for the infrastructure / entry points / endpoints.
Test your application – try to hack your application like a “Bad Boy”.
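The four steps above, carried through as an added example (not code from the original post): a small data-flow model of a web application is walked element by element, each element gets the threat categories that apply to its element type (the six categories listed in Step 2, using the STRIDE-per-element mapping), threats are scored so that entry points crossing a privilege boundary rank higher, and each one is paired with a response strategy. The DFD, the impact values and the mitigation text are constructed for illustration.

```python
"""Constructed example: STRIDE threat enumeration for a small DFD."""
from dataclasses import dataclass

# Which threat categories apply to which DFD element type
# (STRIDE-per-element mapping, simplified for this example)
STRIDE_PER_ELEMENT = {
    "entity":  "SR",
    "process": "STRIDE",
    "store":   "TRID",
    "flow":    "TID",
}
# Constructed response strategies per category (Steps 3 and 4)
MITIGATION = {
    "S": "authenticate every principal (credentials, mTLS, signed tokens)",
    "T": "validate input; integrity-protect data (hashes, signatures, MACs)",
    "R": "tamper-evident audit logging with timestamps",
    "I": "encrypt in transit and at rest; least-privilege access control",
    "D": "rate limiting, quotas and resource caps",
    "E": "authorization check at every entry point; least privilege",
}

@dataclass
class Element:
    name: str
    kind: str               # entity | process | store | flow
    crosses_boundary: bool  # Step 1: does it cross a privilege boundary?
    impact: int             # 1 (low) .. 5 (high), assigned by the team

def enumerate_threats(elements):
    """Steps 1-2: list applicable threats, score them, rank by decreasing risk."""
    threats = []
    for e in elements:
        for cat in STRIDE_PER_ELEMENT[e.kind]:
            # Constructed scoring: boundary-crossing elements are more exposed
            likelihood = 4 if e.crosses_boundary else 2
            threats.append({"element": e.name, "stride": cat,
                            "risk": likelihood * e.impact,
                            "mitigation": MITIGATION[cat]})
    # Stable sort keeps element order, then S-T-R-I-D-E order, within a score
    return sorted(threats, key=lambda t: -t["risk"])

# Constructed DFD for a small web application
SAMPLE = [
    Element("browser user", "entity", True, 3),
    Element("login API", "process", True, 5),
    Element("user DB", "store", False, 5),
    Element("API -> DB query", "flow", False, 4),
]

if __name__ == "__main__":
    for t in enumerate_threats(SAMPLE):
        print(f"{t['risk']:>2} {t['stride']} {t['element']:<16} -> {t['mitigation']}")
```

The ranked list is the backlog for Step 4: the boundary-crossing login endpoint comes out on top, so its controls are the first ones to implement and then attack in your own testing.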