Abuser Stories – Think Like the Bad Guy with Judy Neher – at Agile 2015

We all know that User Stories capture goals from the user perspective along with their business value. On the flip side, how can we ensure we’ve thoroughly examined the ways in which hackers, criminals and adversaries can exploit those stories to get access to our most valuable resources: Our Data!

Abuser stories is a way to capture potential vulnerabilities in software systems, using the standard user story format. While user stories are written from a user perspective, abuser stories are written from an enemy or attacker’s perspective and describe the enemy’s mal-intent and motivation.