Create a new game

Preparations

  1. Identify an application or application process to review; this might be a concept, design or an actual implementation
  2. Have a data flow diagram, or make one!
  3. Invite a group of 3-6 people on your team who know what's been built, or what's going to be built, inside out
  4. Have some prizes to hand (gold stars, chocolate, pizza, beer, flowers, whatever you need)

Scoring

  1. Score +1 for each card you can identify as a valid threat to the application under consideration
  2. Score +1 if you win a round
  3. Once all cards have been played, whoever has the most points wins
  4. The winner receives fabulous prizes

Closure

  1. Review all the applicable threats and the matching security requirements
  2. Create user stories, specifications and test cases as required for your development methodology