July 2018
Intermediate to advanced
356 pages
9h 18m
English
Content preview from Hands-On Security in DevOps
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Threat assessment
To have an effective threat assessment, the following guideline or templates are suggested for the project team:
|
Threat Modeling tools/templates |
Rationale and purpose |
|
Knowledge-base of threats and mitigation |
Threat and mitigation knowledge can help the team to decide what's most relevant to the project from the knowledge list instead of starting from zero. For example, CAPEC or ATT&CCK are also good references. |
|
Tools or threat modeling templates |
A template or tool can enable the team to deliver consistent quality for threat modeling reports. |
In addition, threat modeling analysis won't limit itself to the role of the development team. It also involves the whole team including RD, QA, and DevOps.