Threat Modeling & Security Testing
Level: intermediate | Tags: devsecops, security, devops
Integrate threat modeling and automated security testing into your pipeline
Learning Objectives
- Apply the STRIDE methodology for threat modeling
- Implement Static Application Security Testing (SAST)
- Configure Dynamic Application Security Testing (DAST)
- Add Interactive Application Security Testing (IAST)
- Automate dependency and container image scanning
Requirements
- Create a STRIDE threat model document for your application
- Integrate SAST tool (e.g., SonarQube, ESLint security plugin)
- Configure a DAST scanner (e.g., OWASP ZAP) against a staging environment
- Enable IAST in your test suite if supported
- Automate dependency scanning (e.g., OWASP Dependency-Check or Snyk)
Stretch goals
- Fail builds on critical/high severity findings
- Generate security reports as pipeline artifacts
- Simulate an exploit based on a discovered vulnerability
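A minimal build gate for the "fail builds on critical/high severity findings" and "generate security reports as pipeline artifacts" goals, added here as an example (not code from the original page or from any of the tools named). It flattens a Dependency-Check-style JSON report (the dependencies[].vulnerabilities[].severity layout is an assumption; adjust the key names for other scanners), blocks on findings at or above a severity threshold, and writes the decision out as a JSON artifact.

```python
import json
from pathlib import Path

# Severity order for the gate; findings at or above the threshold block the build.
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def findings_from_dependency_check(report: dict) -> list[dict]:
    """Flatten a Dependency-Check style JSON report into simple findings.
    Assumes the layout dependencies[].vulnerabilities[].severity (an assumption)."""
    findings = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities") or []:
            findings.append({"component": dep.get("fileName", "?"),
                             "id": vuln.get("name", "?"),
                             "severity": str(vuln.get("severity", "")).upper()})
    return findings

def gate(findings: list[dict], threshold: str = "HIGH") -> dict:
    """Decide pass/fail. Unknown or missing severities are treated as blocking,
    so a scanner quirk can never silently pass the gate."""
    limit = SEVERITY_RANK[threshold.upper()]
    counts = {s: 0 for s in SEVERITY_RANK} | {"UNKNOWN": 0}
    blocking = []
    for f in findings:
        rank = SEVERITY_RANK.get(f["severity"])
        counts[f["severity"] if rank else "UNKNOWN"] += 1
        if rank is None or rank >= limit:
            blocking.append(f)
    return {"passed": not blocking, "threshold": threshold.upper(),
            "counts": counts, "blocking": blocking}

def write_report(result: dict, path: str) -> None:
    """Persist the decision as a JSON artifact for the pipeline to archive."""
    Path(path).write_text(json.dumps(result, indent=2))

# Constructed sample report in the assumed layout (not real scanner output).
SAMPLE_REPORT = {"dependencies": [
    {"fileName": "example-lib-1.0.0.jar", "vulnerabilities": [
        {"name": "EXAMPLE-CVE-A", "severity": "CRITICAL"},
        {"name": "EXAMPLE-CVE-B", "severity": "medium"}]},
    {"fileName": "example-util-2.3.4.tgz", "vulnerabilities": [
        {"name": "EXAMPLE-CVE-C", "severity": "low"}]},
    {"fileName": "clean-1.2.3.jar"}]}

if __name__ == "__main__":
    import sys
    result = gate(findings_from_dependency_check(SAMPLE_REPORT), "HIGH")
    write_report(result, "security-gate.json")  # archive this file as a pipeline artifact
    print(json.dumps(result["counts"]), "PASS" if result["passed"] else "FAIL")
    sys.exit(0 if result["passed"] else 1)  # non-zero exit fails the CI job
```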
Deliverables
- Threat model document committed to repo
- Configuration files for SAST, DAST, IAST, and dependency scanners
- Sample security report showing scan results
You will embed security early in your development lifecycle.
Submit Your Solution
Completed this project? Share your solution with the community!
- Push your code to a GitHub repository
- Open an issue on our GitHub repo with your solution link
- Share on X with the hashtag #DevOpsDiary
