agile
threat modeling

What is security threat modeling?

Security threat modeling, or threat modeling, is a methodology to locate and document risks, to prioritize and to derive action plans to mitigate.

It is an iterative process, where applications and its related infrastructure of digital products are being decomposed, to identify i.e. entry points, components, data flows, privilege boundaries and finally related risks and vulnerabilities.

Threat models need to follow the agile product development principles and not vice versa.

Our teams had very productive collaborations with Alice&Bob. They validated and improved our architecture and design decisions, with a strong perspective on security.
I really appreciate their in-depth technical knowledge and experience, combined with their passionate 'can-do-attitude'.

Dennis Winter
Deputy VP TechOps, solarisBank
APPROACH – HOW WE DO IT

Agile Security Threat Modeling

While there are different threat modeling approaches, evolved since the 1990s, most of them are not created with agility in mind. But threat modeling needs to be part of the agile software development processes.

The Alice&Bob.Company’s approach will cover two phases:

Phase 1 We perform a threat modeling workshop in collaboration with the product team. This familiarizes the team with the ideas and procedures. We will together determine

The workshop can be done either in a face-to-face session or remotely.

Phase 2 We introduce how Agile Threat Modeling can become part of a DevSecOps approach and your agile product development procedures. Therefore, we focus on integrating the results of phase 1 into your existing individual agile structures.

YOUR BENEFITS

Main advantages of performing an Threat Modeling Workshop with A&B:

SECURITY ASSESSMENT

Get a detailed overview of your cloud architecture, with identified vulnerabilities and misconfigurations. You will also receive defined clear steps to fix and improve you overall security posture.

PENETRATION TESTING
A&B security specialist takes over the role of an attacker (ethical hacker) to compromise customers infrastructure and/or application and provides resolution and mitigation measures.