Threat Modeling
4.1 Threat modeling
Referring to the Threat Modeling Cheat Sheet, threat modeling is a structured approach to identifying and prioritizing potential threats to a system. The threat modeling process includes determining the value that potential mitigations would have in reducing or neutralizing these threats.
Assessing potential threats during the design phase of your project can save significant resources if during a later phase of the project refactoring is required to include risk mitigations. The outcomes from the threat modeling activities generally include:
- Documenting how data flows through a system to identify where the system might be attacked
- Identifying as many potential threats to the system as possible
- Suggesting security controls that may be put in place to reduce the likelihood or impact of a potential threat
Sections:
4.1.1 Threat modeling in practice
4.1.2 pytm
4.1.3 Threat Dragon
4.1.4 Cornucopia
4.1.5 LINDDUN GO
4.1.6 Threat Modeling toolkit
The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.