Fork me on GitHub

Culture and Org. -> Design: Creation of advanced abuse stories

Risk and Opportunity

Risk: Simple user stories are not going deep enough. Relevant security considerations are performed. Security flaws are discovered too late in the development and deployment process
Opportunity: Advanced abuse stories are created as part of threat modelling activities.

Exploit details

Usefullness: High
Required knowledge: High (two disciplines)
Required time: Low
Required resources (systems): Very Low

Additional Information

Dependencies: Creation of simple abuse stories
Implementation hints: Don't Forget EVIL User Stories and Practical Security Stories and Security Tasks for Agile Development Environments
OWASP SAMM 1 Mapping: TA2-A
ISO27001:2017 Controls Mapping: