agile
threat modeling

What is security threat modeling?

Security threat modeling, or threat modeling, is a methodology to locate and document risks, to prioritize and to derive action plans to mitigate.

It is an iterative process, where applications and its related infrastructure of digital products are being decomposed, to identify i.e. entry points, components, data flows, privilege boundaries and finally related risks and vulnerabilities.

Threat models need to follow the agile product development principles and not vice versa.

Our teams had very productive collaborations with Alice&Bob. They validated and improved our architecture and design decisions, with a strong perspective on security.
I really appreciate their in-depth technical knowledge and experience, combined with their passionate 'can-do-attitude'.

Dennis Winter
Deputy VP TechOps, solarisBank
APPROACH – HOW WE DO IT

Agile Security Threat Modeling

While there are different threat modeling approaches, evolved since the 1990s, most of them are not created with agility in mind. But threat modeling needs to be part of the agile software development processes.

The Alice&Bob.Company’s approach will cover two phases:

Phase 1 We perform a threat modeling workshop in collaboration with the product team. This familiarizes the team with the ideas and procedures. We will together determine

  • What are you building?
  • What can go wrong?
  • What are you going to do and in which order?

The workshop can be done either in a face-to-face session or remotely.

Phase 2 We introduce how Agile Threat Modeling can become part of a DevSecOps approach and your agile product development procedures. Therefore, we focus on integrating the results of phase 1 into your existing individual agile structures.

YOUR BENEFITS

Main advantages of performing an Threat Modeling Workshop with A&B:

  • Gain an inside-out perspective on what your team thinks about the security state of your digital product
  • Receive a list of identified threats and risks, while improving your teams overall security posture
  • Learn how Threat Modeling can be automated and become part of your software development lifecycle
SECURITY ASSESSMENT

Get a detailed overview of your cloud architecture, with identified vulnerabilities and misconfigurations. You will also receive defined clear steps to fix and improve you overall security posture.

Read More
PENETRATION TESTING
A&B security specialist takes over the role of an attacker (ethical hacker) to compromise customers infrastructure and/or application and provides resolution and mitigation measures.
Read More

01 health-check

AWS certified architect challenges your platform setup in a brief mutual discussion.
view more

02 warm-up

Deep dive on your individual platform, either risk or best practice based: threat mod- eling workshop, security assess- ment or well architected review.
view more

03 launch

Platform improvement due to individually defined project work (AWS Security portfolio, Shift Left, Continuous Security, Automated Auditing).
view more

04 continuous improvement

Iterative proactive managed security services or consulting solutions.
view more