Threat Modeling
Threat modeling identifies the types of threats that cause harm and takes on
the perspective of malicious hackers to see how much damage they can do. We look
beyond the standard list of attacks to think about the entire threat landscape.
Why Threat Modeling matters?
Threat modeling is the most effective way to
• Detect problems early in the SDLC
• Spot design flaws
• Evaluate new forms of attack
• Maximize your testing budget
• Identify holes in your requirements process
• Save money by remediating problems before releasing software.
What to expect?
Threat modeling is usually an ongoing process of evaluating systems and architecture, and identifying a threat landscape. It should be part of your companies Software Development Lifecycle(SDLC), and typically involves:
- Defining security requirements and scope.
- Creating an application diagram.
- Identifying threats.
- Mitigating threats.
- Validating that threats have been mitigated.