Threat Modeling¶
If the term threat modeling is new to you, don't worry. You have almost certainly done it before, just under a different name. Whenever you have thought about the risks facing a system, what data needs protection, or how a feature could be misused, you were threat modeling. It is simply the industry-adopted term for systematically thinking through what can go wrong in IT systems.
More precisely, the Threat Modeling Manifesto defines it as:
Threat modeling is analyzing representations of a system to highlight concerns about security and privacy characteristics.
This is the definition we use in the AppSec team, and the foundation for how we present and train development teams to adopt the practice.
Why threat model?¶
Threat modeling answers the why behind your security efforts. If you don't base your security work on assessed risk, you are essentially doing security in the dark. You might still implement good controls, but you are bound to have blind spots.
Threat modeling gives you a structured way to identify what actually matters, so your security work is driven by real risks rather than assumptions or checklists.
Tip
Threat modeling is widely regarded in the security community as one of the most impactful activities a development team can perform to improve their security posture.