Capturing security requirements in an agile environment. Bad guys are out there… Who’s thinking about securing our systems and data? When do we/should we think about security in our software systems? How can we pull security forward in our agile processes? Let’s talk about Abuser Stories!
How can we use our familiar user story format to capture potential vulnerabilities in software systems? While user stories are written from a user’s perspective, abuser stories are written from an enemy or attacker’s perspective and describe the enemy’s malicious intent and motivation.