Using gamification and storytelling in threat modelling for secure application

In many projects, security requirements are still defined top-down - by architects or security specialists - without really involving the development team or the specialist side. This leads to incomplete protection concepts and resistance during implementation.
In this presentation, we will use a four-stage model to show how security can be planned and integrated collaboratively - from the static system view to protection requirements analysis and threat detection through to specific countermeasures.