From the course: DevSecOps: Building a Secure Continuous Delivery Pipeline
Tool: Rapid Risk Assessment
- [Instructor] Threat modeling is a great practice, and I've had success with it in the past. But generally, threat modeling works well with established software or services. So what do you do when the app or service is under active development? What if you're making changes weekly, or daily? Enter Rapid Risk Assessment. Mozilla has a Creative Commons-licensed process called Rapid Risk Assessment. Let's open up the browser and head over to infosec.mozilla.org/guidelines/risk/rapid_risk_assessment. This is a great tool because it's quick. You'll keep the total assessment to about 30 minutes. It's also high-level. The goal is to provide a fast assessment, but as you repeat the process, you can build out a full threat model. It's also easy to update. It serves as a guide that's fluid and moves with the practice of software development. Really, this could probably be dubbed agile threat modeling and not be too far off the mark. The goal here is, within about 30 minutes, to answer…