Culture and Organization -> Design: Creation of simple abuse stories
Risk and Opportunity
Risk: User stories mostly don't consider security implications. Security flaws are discovered too late in the development and deployment process.
Opportunity: Abuse stories are created during the creation of user stories.
Dependencies: Conduction of simple threat modeling on technical level, Creation of threat modeling processes and standards
- [Don't Forget EVIL U, Link, Tags:
Usefulness and Requirements of this Activity
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low
OWASP SAMM VERSION 2
- not explicitly covered by ISO 27001
- may be part of project management
- may be part of risk assessment