×
  • Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
 

Protection Poker: An Agile Security Game

by on Nov 21, 2013

  • 166 views

Each time a new feature is added to a product, developers need to consider the security risk implications, find ways to securely implement the function, and develop tests to confirm that the risk is ...

Each time a new feature is added to a product, developers need to consider the security risk implications, find ways to securely implement the function, and develop tests to confirm that the risk is gone or significantly lowered. Laurie Williams shares a Wideband Delphi practice called Protection Poker she's employed as a collaborative, interactive, and informal agile structure for "misuse case" development and threat modeling. Laurie shares the case study results of a software development team at RedHat that used Protection Poker to identify security risks, find ways to mitigate those risks, and increase security knowledge throughout the team. In this session, Laurie leads an interactive Protection Poker exercise in which you and other participants analyze the security risk of sample new features and learn to collaboratively think like an attacker. Participants will discuss implementation and testing strategies for the sample features to discover first hand the opportunities and challenges a security focus brings to development.

Statistics

Views

Total Views
166
Views on SlideShare
162
Embed Views
4

Actions

Likes
0
Downloads
0
Comments
0

2 Embeds 4

http://www.stickyminds.com 3
http://beta.stickyminds.com 1

Accessibility

Categories

Upload Details

Uploaded via SlideShare as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
Post Comment
Edit your comment

Protection Poker: An Agile Security Game Protection Poker: An Agile Security Game Document Transcript