In a unique combination of architectural reviewing, threat modeling, and training, Truesec can offer the concept of introductory Security Therapy for development teams in the form of single or multi-session workshops. This concept has proven to provide great value for development teams, with little preparation needed by the customer.
Most development teams could benefit from having an application security program but do not have such capabilities in place. Truesec’s application security experience has proven that many security risks can be exposed by discussing the technical solutions with the development team.
Security Therapy is available as a single engagement consisting of one to three days of workshops with your development team, where we adapt the content to the application, security requirements, and security knowledge level of the team. The main benefits are the discussions during the workshops, in addition to short actionable lists of recommended actions and threats to consider.
What we typically cover in introductory Security Therapy:
- Introduction to the concept of threat modeling and trust boundaries.
- Whiteboard exercises to find areas that require improvement.
- Discussions on application security topics relevant to the project. For example, guidance in secure coding patterns, secure integration between systems, federated identities, and cloud deployment.
- The opportunity for your teams to ask questions and discuss current security issues with our experts.
- Presentations and short training sessions on relevant topics.
- Optional addition: Maturity Assessment.
With the Security Therapy as a basis, it is also possible to continue Truesec’s engagement with the team in the form of a Software Security Initiative.
Security Therapy sessions can be performed on-site or remotely.