Protection Poker: An Agile Security Game
Each time a new feature is added to a product, developers need to consider the security risk implications, find ways to securely implement the function, and develop tests to confirm that the risk is gone or significantly lowered. Laurie Williams shares a Wideband Delphi practice called Protection Poker that she has employed as a collaborative, interactive, and informal agile structure for "misuse case" development and threat modeling. Laurie shares the case study results of a software development team at Red Hat that used Protection Poker to identify security risks, find ways to mitigate those risks, and increase security knowledge throughout the team. In this session, Laurie leads an interactive Protection Poker exercise in which you and other participants analyze the security risk of sample new features and learn to collaboratively think like an attacker. Participants will discuss implementation and testing strategies for the sample features to discover firsthand the opportunities and challenges a security focus brings to development.