Security as a Serious Game - Elevation of Privilege online
Without any doubt security is important in software development. At the same time the topic is usually not a core competence of development teams, but is audited by individual, usually external experts. These audits often happen at the end of the development process, contrary to the agile approach. In order to protect systems against attacks early, continuously, and efficiently, potential threats should be considered regularly and counteracted accordingly already during the development process.
The serious game "Elevation of Privilege", developed by Microsoft, helps integrating threat modelling into the agile development process at an early stage and creating awareness for security issues. In the game, with the help of playing cards the development team thinks from the attacker's perspective and thus identifies threats before they actually arise. And it's fun!
An open-source online version is available so that distributed teams can also play the game. TNG colleagues play a major role in developing it using JavaScript, React, and the boardgame.io game engine: https://github.com/tng/elevation-of-privilege.
You would like to try out the game and look for a moderator? Feel free to contact us at info(at)tngtech.com.