A modern approach for Threat Modelling in agile environments: redesigning the process in a SaaS company

Beozzo, Emanuele (2023-10-09)

dc.contributor.author: Beozzo, Emanuele
dc.date.accessioned: 2023-10-11T21:11:26Z
dc.date.available: 2023-10-11T21:11:26Z
dc.date.issued: 2023-10-09
dc.identifier.uri: https://www.utupub.fi/handle/10024/175912
dc.description.abstract: Dealing with security aspects has become one of the priorities for companies operating in every sector. In the software industry, building security requires being proactive and preventive by incorporating requirements right from the ideation and design of the product. Threat modelling has been consistently proven as one of the most effective and rewarding security activities in doing that, being able to uncover threats and vulnerabilities before they are even introduced into the codebase. Numerous approaches to conducting such an exercise have been proposed over time; however, most of them cannot be adopted in intricate corporate environments with multiple development teams. This is clear from analysing the case of Company Z, which introduced a well-documented process in 2019, but scalability, governance and knowledge issues blocked widespread adoption. The main goal of the thesis was to overcome these problems by designing a novel threat modelling approach, able to fit the company’s Agile environment and capable of closing the current gaps. As a result, a complete description of the redefined workflow and a structured set of suggestions were proposed. The solution is flexible enough to be adopted in multiple different contexts while meeting the requirements of Company Z. Achieving this result was possible only by analysing the industry’s best practices and solutions, understanding the current process, identifying the pain points, and gathering feedback from stakeholders. The solution proposed includes, alongside the new threat modelling process, a comprehensive method for evaluating and verifying the effectiveness of the proposed solution.
dc.format.extent: 117
dc.language.iso: eng
dc.rights: fi=Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.|en=This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.|
dc.subject: threats, threat modelling process, evaluation process, agile, automation
dc.title: A modern approach for Threat Modelling in agile environments: redesigning the process in a SaaS company
dc.type.ontasot: fi=Diplomityö|en=Master's thesis|
dc.rights.accessrights: avoin
dc.identifier.urn: URN:NBN:fi-fe20231011139596
dc.contributor.faculty: fi=Teknillinen tiedekunta|en=Faculty of Technology|
dc.contributor.studysubject: fi=Tieto- ja viestintätekniikka|en=Information and Communication Technology|
dc.contributor.department: fi=Tietotekniikan laitos|en=Department of Computing|

