A Large Financial Institution Uses SD Elements as their Lightweight Threat Modeling Tool

April 29, 2019 Clara Christopher

Challenges  

The client’s development teams were going through a long ‘security best practices’ checklist for their applications, which included more than 100 line items. This checklist covered content for all platforms, languages, frameworks, and technologies, and it demanded a significant portion of the developers’ time to go through. Despite these efforts, the team still faced false positives and false negatives during the late phases of the application lifecycle.

 

Solution

 Our client onboarded SD Elements and used it as a lightweight threat modeling tool, which solved their checklist issue instantly. Developers simply answered a 15-minute survey during the initial stages of the application lifecycle, and SD Elements took care of the heavy lifting, presenting the team with actionable tasks tailored to the application in question, within a number of minutes.

 

Learnings

 The client’s development team no longer had to spend significant amounts of time deciphering whether checklist items were applicable to their applications. After completing the SD Elements survey, they reliably received a straightforward list of tasks, ranked according to priority. The client’s development team now simply completes tasks according to priority and spends their time implementing the security measures– instead of trying to figure out which ones to follow. This has created a highly efficient workflow and stringent security standards within the organization.

 
Previous Flipbook
SEC 202 Threat Model Express
SEC 202 Threat Model Express

Learn about Security Compass's course on Threat Model Express.

Next Article
Take 15 minutes to uncover your high-risk vulnerabilities
Take 15 minutes to uncover your high-risk vulnerabilities

Methods for assessing software security risk fall into two broad types: Modeling: Understanding the risks ...

×

Schedule a live demo

First Name
Last Name
Company Name
!
Thank you!
Error - something went wrong!