This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

AppSecEU08 Threat Modeling for Application Designers and Architects

Jump to: navigation, search

The cost of fixing a security bug during coding and testing phases is known to be much more expensive than at the earlier design stages. This session will provide product architects and designers with the tools, methodology and best practices of incorporating security into the design and architecture stage in a systematic way that would prevent security design flaws from being introduced in the first place. The session will cover the threat modeling topic targeting software architecture and designers. Session outline will include:

  • What is Threat Modeling?
  • Why carry out Threat Modeling?
  • Introducing the Threat Modeling process, covering: System decomposition (including DFD) Threat mapping (CIA, STRIDE, Attack trees, etc.) Risk rating (several models) Threat response & mitigation
  • Best practices in Threat Modeling (covering do's and don’ts, tools, tips, etc.)

The session will use a dummy Internet banking system to demonstrate the various steps in the performance of Threat Modeling.

System architects, designers and key programmers who will attend this session will:

  • Understand the importance of the Threat Modeling process
  • Get initial tools and methodologies to start performing Threat Modeling / security design reviews in their own systems / products
  • Be exposed to industry BKM / best practices in Threat Modeling / security design reviews