Today we’re launching our newest SafeStack Development Academy course: Threat Assessment for Software Development.
With this, we’re embarking on our quest to bring security not only into the implementation of systems, but into their design.
SafeStack founder Laura Bell shares her thoughts on the role of threat assessment in software development, and why there’s no better time than right now to bring this specialism to your practice.
Why threat assessment in application security matters
Engineering beautiful, performant software is an incredibly rewarding feat.
In software, many of us strive for those moments where we deploy to the world and make something better. Changing the world around us, one process at a time.
A key part of this is making our systems secure.
It's been a staggering 17 years since the OWASP Top 10 was launched and our community started discussing the ways in which our code made this vision of flawless software difficult to achieve.
Our eyes were opened to the nuance of our code structures and to the effects attackers could achieve by fighting our logic or looking for missed steps in our algorithms.
While many of our frameworks now help us address these issues by design — literally building the controls into the underlying language and libraries — the focus for much of our debate is on this granular code level approach to security.
Where should security start?
In reality, securing our systems starts well before we write any code. Security starts with design.
It doesn’t start from grooming of requirements or designing of test specifications, but from the very human process of defining how a system will function.
These systems may be entirely software, or software may play a part in a more wide-ranging approach.
Security starts by looking at the lifecycle of the interactions between data, systems, and people and examining how things could go wrong.
The process and value of threat assessment
In security, we call that process of examination threat assessment.
When this process includes the right balance of collaboration, open discussion, and scrutiny, it can provide a structured plan for reducing risk in our systems — before we even begin building.
Threat assessment and threat modelling are now considered so important to the creation of secure systems that OWASP has a sub-community devoted to it, and 15 of the world's leading application security specialists have launched the Threat Modelling Manifesto.
If we're going to raise the standard of our software and bring security to the beautiful and performant systems we aim to build, threat assessment is a key process our teams need to embrace.
There's no better time to start than now, which is why we're excited to launch our newest SafeStack Development Academy course.
About our Threat Assessment for Software Development course
This course is designed to give you the skills you need to carry out threat assessments throughout your software's life.
From design and inception through to reviewing legacy systems, this repeatable and structured approach raises our focus from the lines of code we write to the ecosystems and processes we build.
Covering a range of key areas, in this 3-hour course you’ll learn how to:
- Understand your systems and their environment
- Assess your system using a threat assessment methodology
- Prioritise your risks and apply defensive controls.
Access this course by becoming a member of SafeStack Development Academy.
What you get with a SafeStack Development Academy membership
Our programme is flexible for all levels and team sizes, with no minimum seat requirements. You'll get world-class training content designed by experts, and all at a budget-friendly price.
As well as our Threat Assessment for Software Development course, you'll also get access to our existing Security Fundamentals for Software Development and Finding and Fixing Web Application Security Vulnerabilities courses, and new courses added quarterly.
Plus these other neat benefits:
- Monthly online seminars hosted by the SafeStack team on a range of application security topics, designed to connect you with a community of like-minded folks. Check out our most recent seminar on An AppSec Guide to Incident Response for an idea of what to expect.
- Access to our hands-on labs, where you can explore concepts and test your knowledge.
- Digital badges to recognise and share what you've learned.
We love to hear from you
We hope this course will give you practical ways to build threat assessment into your development practice, and we'd love to hear your feedback. Drop us a line on firstname.lastname@example.org and let us know what you think.