This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Application Threat Modeling

Revision as of 18:09, 23 June 2008 by Davidrook (talk | contribs) (Introduction)

Jump to: navigation, search
OWASP Code Review Guide Table of Contents


Threat Modeling is an approach to application reviews which can help developers and security professionals identify threats, attacks, vulnerabilities and countermeasures which could effect an application.

Threat Modeling can help to ensure that applications are being developed with security built in and any potential threats to the applications have been identified and mitigated. Threat Modeling can also improve general security knowledge within a development teams because it becomes a step in the SDLC and not a separate security only process.

The idea of Threat Modeling isn't new but Microsoft have championed the process over the past few years. Microsoft have made threat modeling a core component of their SDL which they claim to be one of the reasons for the increased security of their products in recent years.

Threat modeling is not an approach to reviewing code but the process should ensure that code being produced has security built in. This should allow the reviewer to understand the where the entry points in an application are and the associated threats with each point.

Identify threats

Understand discovered threats

Threat categorization / Business impact

Data Flow Diagrams



Planning a security assessment or code review based on the threat model deleverable.