How to use the online LINDDUN GO card deck?
The instructions remain the same. But now you can also use LINDDUN GO in a remote threat modeling session.
You can start a new game with a full deck or configure the set of cards you want to use.
Start the game
When you press start, you begin a new game with a full deck. Simply click on the card with the LINDDUN GO logo to get a new card from the deck.
During the game you can go back to your previously drawn cards (button on the lower right). You can also copy the URL of the current deck (button on the lower left). You can share it with others that join your threat modeling session, so everyone can iterate over the same sequence of cards. Or you can also use it when you split your threat modeling exercise in several sessions. Note that, the sequence is saved, but you will have to flip through the card deck until you reach the card where you left off.
Configure the game
When you do not want to iterate over the entire set of cards, you can configure the subset you want to use.
This can be particularly useful when you apply the cards in an educational setting and you want to scope the exercise to a particular subset.
Tips to play remotely
One person shares their screen of the LINDDUN GO card deck. Or, one person starts a new game and shares the deck's URL with the other participants. This way, everyone will have the same sequence of cards to iterate over.
Make sure everyone has access to the model of the system. A shared screen can work, but better would be that everyone can work on the model together. The same holds for documenting the identified threats.
For more inspiration, check out Adam Shostack's tips for remote threat modeling on his blog and the AppSec podcast.