Security in planning activities (Requirements - Architecture & Design)

Everything as code is a central principle of DevOps and of course also of DevSecOps. Therefore the creation of code must be well prepared and carefully considered.

Security activities must take place (in the SSDLC) already in phases like requirements gathering, architecture and design.

Security requirements

(Security) requirements will come, beside from the functional requirements, from sources like:

Legal provisions (e.g. GDPR)
Compliance (e.g. ISO27001, Finma circular)
Handling of data and information according to internal data classification and specifications
Customer requirements

Existing sources of security requirements are easy to find out in the Internet (a not complete list):

Threat modeling

All results obtained in the threat model influence the security activities in subsequent phases of the SSDLC:

Threat modeling is a structured approach to identify and analyze potential threats to a system. It helps to understand the attack surface and to prioritize security measures based on the identified risks. Threat modeling can be performed using various methodologies, such as STRIDE, PASTA, or LINDDUN. The most common one is STRIDE, which stands for:

S poofing identity
T ampering with data
R epudiation
I nformation disclosure
D enial of service
E levation of privilege

The OWASP community maintains a Threat Modeling Process that can be followed to ensure a systematic approach to threat modeling. OWASP provides a Threat Modeling Cheat Sheet that can be used as a reference for performing threat modeling activities.

Tooling for threat modeling

On the OWASP website you can also find a Threat Modeling Tool that can be used to create and manage threat models.

A good introduction to threat modeling can be viewed in the following video: STRIDE Threat Modeling for Beginners - In 20 minutes