Threat Modeling is the structured process by which we identify, categorize and document application-level risks. Securing an application begins with understanding the security threats it faces, so the Threat Modeling Document is one of the cornerstones of a Secure Development Lifecycle (SDL).
Threat Modeling is best performed using an iterative approach. The majority of information is gathered and discussed during scheduled Threat Model working sessions held with members of the application development teams, such as managers, architects and developers, and with security personnel.
The Threat Modeling process is performed in the following phases:
- Information Gathering & Planning
- Application Decomposition
- Application Threat Analysis
- Countermeasure Identification & Risk Measurement
- Reporting and Communication
All deliverables are template-based and are used to document the process and track progress. All artifacts, including the Threat Modeling report itself, are stored in a central repository for each application. An application Threat Model will continue to evolve as new information becomes available and as decisions are made during the application design and development phases. It will also provide input and test cases for future application Security Design and Architecture review functions.