This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Application Threat Modeling
Introduction
Threat Modeling is an approach to application reviews which can help developers and security professionals identify threats, attacks, vulnerabilities and countermeasures which could effect an application.
Threat Modeling can help to ensure that applications are being developed with security built in and any potential threats to the applications have been identified and mitigated. Threat Modeling can also improve general security knowledge within a development teams because it becomes a step in the SDLC and not a separate security only process.
The idea of Threat Modeling isn't new but Microsoft have championed the process over the past few years. Microsoft have made threat modeling a core component of their SDL which they claim to be one of the reasons for the increased security of their products in recent years.
Threat modeling is not an approach to reviewing code but the process should ensure that code being produced has security built in. This should allow the reviewer to understand the where the entry points in an application are and the associated threats with each point.
Identify threats
Understand discovered threats
Threat categorization / Business impact
Data Flow Diagrams
Countermeasures
Assessment
Planning a security assessment or code review based on the threat model deleverable.