Free Delivery on orders above £75 for our US and Europe customers

Elevation of Privilege Threat Modeling with Privacy

£23.00 £25.00

Description

The Elevation of Privilege (EoP) card game offers a structured and engaging approach to threat modeling, enabling development teams to identify potential security vulnerabilities while software designs are still on the whiteboard.

This extended edition contains additional threat cards with Privacy anti-patterns, helping developers to spot common privacy and data handling errors at the same stage, while designs are still easy to change.

The deck adds Privacy to the classic STRIDE categories forming a new STRIPED mnemonic that prompts engineers, architects and product people to consider their designs from new angles.

Bulk Pricing

Automatically applied at checkout:

Buy Discount
5 or more decks 5% off
10 or more decks 10% off
20 or more decks 20% off
30 or more decks 30% off

Outcome

Identify security and privacy work that needs doing earlier in the project lifecycle. Defuse difficult relationships. Build trust. Bring teams together in peace and harmony.

Specifications

  • Suits
    Spoofing, Tampering, Repudiation, Information Disclosure, Privacy, Elevation of Privilege, Denial of Service
  • # Cards
    102
  • Created by
    Mark Vinkovits

Try a branded version

If you'd like to encourage the use of this technique within your team or organisation, a branded deck is a great way to demonstrate your support and commitment to the process.

Why teams use Elevation of Privilege?

Elevation of Privilege works because it gives everyone a way into the conversation.

Developers understand the system. Product owners understand business impact. Testers think about failure. Security teams bring specialist knowledge. The game gives all of them a shared structure for discussing risk.

How the game works?

Start with a simple diagram of the system, feature, application, API, or data flow you want to review.

Players take turns playing cards from the deck. Each card describes a possible type of security threat and prompts the group to ask whether that threat could apply to the system.

When the team finds a useful threat, they capture it and decide what should happen next.

Help your company say yes to the game

  • Sucess Stories

    See how teams and organisations around the world are transforming threat modelling and security collaboration through play.

  • 'Play to Learn' kit

    A ready-made system architecture and guided exercise you can run with your team to experience the game before using it on your own systems.

  • 1.5 hour 'Play to Learn' session

    Join a session online where we will run an exclusive session with your team using physical cards so they can experience the game first-hand and see how it works!

How to play Elevation of Privilege?

Watch this short video to learn the basics.

Play to learn EoP with the creator of the game?

A unique opportunity to take part in an Elevation of Privilege game, guided by the game's creator and threat modelling expert, Adam Shostack.

Hybrid teams? No problem

We developed a style of play where everyone has the physical deck, but plays the game through video conferencing.