It’s easy to think of threat modeling as something developers do during the DevOps process to ensure a safe application. And that’s certainly true. To that end, threat modeling is something you do when developing an application. But that’s not the only time you should...
There’s a belief in the security community that if you’re doing threat mapping, you don’t need to do threat modeling. The idea is that threat mapping is just as good as, or at least takes the place of, threat modeling. It’s true they are both a formalized way to...
Any piece of code can have a vulnerability. Whether application code or infrastructure code, errors, oversights and misconfigurations happen. The question developers must answer is, how many negative outcomes an attacker could realize because of that vulnerability....
You threat model to identify threats and implement mitigations before you deploy an application. In this regard, the overarching reason for your commitment to do threat modeling is to avoid incident response altogether. Theoretically, an application with no...
DevOps is a natural byproduct of the shift to agile software development and the move to the cloud. One of the main benefits of DevOps is the speed of software iteration, based on user stories and development sprints. The drawback to all this speedy development,...