Practical Threat Modeling: Engaging Testers Early
Threat modeling is one of the most important activities that development and test teams should perform as part of a security development lifecycle. Although threat modeling is not always easy to get going for a team that has little or no security experience, it can be critical to your products and your project. Edward Bonver explores the process behind modeling threats to systems and demonstrates resulting models. He explains how the process has been successfully implemented and followed across Symantec, where development teams and environments vary dramatically across hundreds of products. Learn how the Symantec development and test teams build a comprehensive security profile of the software, providing a guide for secure development as well as the testing focus and strategy. In addition find out how they use threat models as a learning method to make sure, early on, that testers develop a thorough understanding of the system under test.