About this talk
Traditional threat modeling can be an important part of moving security leftwards from a QA-driven outcome to a design-driven outcome. Using a Data Flow Diagram works well for waterfall-style product development with a planned architecture, but what happens when you are using an agile development methodology? In this case, there is not necessarily a robust planned architecture for the product. However, there is still a way to leverage threat modeling as a powerful design tool in an agile team within story refinement, by asking the same questions of each story:

– What are we working on?
– What can go wrong?
– What are we going to do about it?
– Did we do a good enough job?

During story refinement, anyone on the team can contribute. But rather than contributing to the “user” story, we contribute corollary “abuser” or “misuser” stories, describing potential issues with the product function as it’s being designed. Each abuser story can then be addressed with one or more potential mitigations. Additionally, tests can be written to determine whether the mitigations were productive, as an additional acceptance criterion.

Shifting responsibility for the security of the product left, from the QA team to the product owner and technical leadership, will result in a more secure product, and should also be more productive for the development team, allowing for fewer rejected stories due to security vulnerabilities (bugs) being introduced into the source code during development.

About the speaker: Jonathan Coupal

Jonathan Coupal is the VP of IT Services and Security and a managing partner at ITX Corp., a software development company headquartered in Rochester, NY. After graduating from Niagara University in 1993, Jonathan made his mark in the Information Technology industry over the next 30 years, initially working in IT for Buffalo-based businesses Colad and then Mod-Pac/Astronics.
After working for several years in consulting, Jonathan joined ITX, a Rochester-based software development company focused on developing and hosting custom software product solutions for local and national clients, in 1998 as the second partner. He is proud of ITX’s remote-first culture, which allows the company to seek, hire, and retain the most talented technologists in the industry – wherever in the world they may be located.

As ITX’s Vice President of IT Services and Security, Jonathan directs his energies to solve challenging problems through team collaboration supported by information security. In this role, he applies a simple yet elegant philosophy: at the end of the day, everyone at ITX has a job to be done. The role of security is to facilitate each individual’s role by minimizing risk as much as reasonably possible while maintaining the team’s ability to collaboratively serve their customers. For Jonathan, the goal of security is to be ever-present, but simultaneously invisible and friction-free.

Naturally inquisitive, Jonathan remains in continuous pursuit of new knowledge, and in sharing that knowledge with customers and colleagues. He escapes the pressures of the system and data security environment by training for his next endurance event and enjoying the outdoors with his family, trying to conquer the 46 high peaks in the Adirondacks. Jonathan also volunteers as an outdoor educator with the local Boy Scouts of America in western New York.