Fork me on GitHub

CultureAndOrganization -> Design: Creation of advanced abuse stories

Risk and Opportunity

Risk: Simple user stories are not going deep enough. Relevant security considerations are performed. Security flaws are discovered too late in the development and deployment process
Opportunity: Advanced abuse stories are created as part of threat modeling activities.

Usefulness and Requirements of this Activitiy

Usefullness: High
Required knowledge: High (two disciplines)
Required time: Low
Required resources (systems): Very Low

Additional Information

Dependencies: Creation of simple abuse stories
Implementation hints:

OWASP SAMM VERSION 2

ISO27001 2017