Application Threat Modeling
Threat Modeling is an approach to application reviews that can help developers and security professionals identify the threats, attacks, vulnerabilities and countermeasures that could affect an application.
Threat Modeling can help to ensure that applications are being developed with security built in and that any potential threats to the applications have been identified and mitigated. Threat Modeling can also improve general security knowledge within a development team because it becomes a step in the SDLC and not a separate security-only process.
The idea of Threat Modeling isn't new, but Microsoft have championed the process over the past few years. Microsoft have made threat modeling a core component of their SDL, which they claim is one of the reasons for the increased security of their products in recent years.
Threat modeling is not an approach to reviewing code, but the process should ensure that the code being produced has security built in. This should allow the reviewer to understand where the entry points in an application are and the threats associated with each point.
Understand discovered threats
Threat categorization / Business impact
Data Flow Diagrams
Planning a security assessment or code review based on the threat model deliverable.