Fork me on GitHub

Culture and Org.: Conduction of advanced threat modelling

Risk and Opportunity

Risk: Inadequate identification of business and technical risks.
Opportunity: Threat modelling is performed by using reviewing user stories and producing security driven data flow diagramms.

Exploit details

Usefullness: Medium
Required knowledge: High (two disciplines)
Required time: Medium
Required resources (systems): Low

OWASP SAMM 1 Mapping: TA2-B