Here are some materials to support agile threat modelling for software security on delivery teams, particularly using short, timeboxed, workshops with the STRIDE methodology.

Timeboxed STRIDE

• Detailed workshop guide to agile threat modelling for facilitators
• Slide deck to introduce team to STRIDE and how to do Agile threat modelling
• Printable A5 Cue cards for STRIDE to support workshop

Background

• Overview of motivations and approach as given at NCSC Developers Den seminar
• Motivation for approach from lightening talk given at NCSC Cyber 17 Aglile Track
• Mostly outdated O'Reilly Talk by @jgumbley with background thinking about finding a continuous approach

Security Objectives

Sometimes you want to run an exercise with business stakeholders rather than focussed on technology. These can help.

• Printable HTML of Threat Cards for printing out on A4 paper
• PDF version of Threat Cards for printing out on A4 paper

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.