Agile Stationery Elevation of Privilege Threat Modeling Cyber Security Card Game

Very useful cards - definitely helps to think laterally and find things that you may otherwise miss. Requires the use of the accompanying book, which isn't very clear - so please be aware if you order

Bought these to help revise for a university module. They are fantastically useful for this. The card quality is okaayyy - they aren't great but are usable. I get the feeling using them that they won't last that long, but I only needed them for a semester.

Great way of making teams aware of the software security principles.

Cards are larger than a regular deck of cards (about 2.75x4.75") and the print colors are very well done. The stock is fairly thick, and cards have a bit of sheen to them. They're not like plastic coated playing cards, but seem like they should last a good while. This 'game' is an exercise for development teams to use in assessing the security controls in a new system. By using gamification, teams may be better motivated to consider actual threats against their environment. You need to be able to provide a good flow diagram of your system to play the game - allowing the team members to understand where specific threats might be able to be injected into the system. For example, Card "2 Spoofing - an attacker could squat on the random port or socket that the server normally uses". The team would need to be aware of what servers are in the system where this attack might be able to be taken advantage of. Also, the game requires some understanding of the various attacks - as they need to be able to argue 'how' the attack is applicable (or not) to the particular design.

The quality of the cards were surprisingly good. It’s a great product.

Best way to get the development team excited enough to consider security.