NOV. 8 – 13, 2020
POTSDAM, GERMANY

EUROPE'S GREATEST AGILE SOFTWARE TESTING FESTIVAL!

Evil User Stories - Improve Your Application Security

Evil user stories are a way of addressing security threats early in the planning and implementation phase.

Are you tired of fixing security bugs afterwards in a hurry? Have you gone through depressing penetration testing reports too many times? Evil user stories are a way of addressing security threats in the planning and implementation phase.

The idea of evil user stories is simple: First, identify important data and assets in the application you are protecting. Then, identify threat scenarios by completing the sentence “An attacker should not be able to…”.

You can use evil user stories in development by putting them in the backlog and adding mitigations as acceptance criteria. This helps in implementing security together with functionality. In addition, they are a good starting point for test planning and getting testers involved in design.

You will learn to create evil user stories from different attacker perspectives and will be able to make security efforts visible in the backlog, which is a step closer to building security in.

