Get full access to Hands-On Security in DevOps and 60K+ other titles, with a free 10-day trial of O'Reilly.

There are also live events, courses curated by job role, and more.

Threat assessment

To have an effective threat assessment, the following guideline or templates are suggested for the project team:

Threat Modeling tools/templates	Rationale and purpose
Knowledge-base of threats and mitigation	Threat and mitigation knowledge can help the team to decide what's most relevant to the project from the knowledge list instead of starting from zero. For example, CAPEC or ATT&CCK are also good references.
Tools or threat modeling templates	A template or tool can enable the team to deliver consistent quality for threat modeling reports.

In addition, threat modeling analysis won't limit itself to the role of the development team. It also involves the whole team including RD, QA, and DevOps.

Get Hands-On Security in DevOps now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Don’t leave empty-handed

Get Mark Richards’s Software Architecture Patterns ebook to better understand how to design components—and how they should interact.

It’s yours, free.

Get it now

Check it out now on O’Reilly

Dive in for free with a 10-day trial of the O’Reilly learning platform—then explore all the other resources our members count on to build skills and solve problems every day.

Start your free trial Become a member now