You might have heard of threat modeling as a structured activity for identifying and managing application threats. And that’s exactly what it is. Threat modeling – also called Architectural Risk Analysis – is an essential step in the development of your application. Without it, your protection is a shot in the dark.
When you create a piece of software, you will face multiple security issues in different phases of the lifecycle, such as security design flaws, security coding bugs and security configuration errors.
Reducing risk effectively means starting threat modeling as early as possible. That is why it is typically done during the design stage of a new application. Threat modeling allows you to find vulnerabilities and to consider, document and discuss the security implications of design, code and configurations.
Threat modeling is typically performed in 4 steps:
- Diagram: what are we building?
- Identify threats: what can go wrong?
- Mitigate: what are we doing to defend against threats?
- Validate: validate the previous steps and act upon them.
Want to gain more in-depth insights about these steps? Read our blog post Threat modeling in 4 steps.
One of the major advantages of threat modeling is that you prevent security flaws when there is time to fix them: in the design phase. But there are many more reasons to start with threat modeling today, such as:
- You select a mitigation strategy and techniques based on identified, documented and rated threats.
- You identify and address the greatest risks.
- You are able to prioritise development efforts within a project team based on risk weighting.
- You increase risk awareness and understanding.
- You use mechanisms for reaching consensus and better trade-off decisions.
- You also make use of threat modeling to communicate results.
- You benefit from cost justification and support for needed controls.
- You use artefacts to document due diligence for each software project.
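The four steps and the risk-based prioritisation described above can be captured as a small, reviewable artefact. The sketch below is an added example, not part of the original post: the components, trust zones, threats and the 1-to-5 likelihood × impact weighting are all constructed assumptions, not a prescribed method.

```python
from dataclasses import dataclass, field

# Step 1, Diagram: components with a trust zone and the data flows between them.
# Every name, zone and score below is constructed sample data.
ZONES = {"browser": "internet", "web_api": "dmz",
         "orders_db": "internal", "payment_gw": "third_party"}
LOGIN = ("browser", "web_api", "login request")
QUERY = ("web_api", "orders_db", "order query")
CHARGE = ("web_api", "payment_gw", "card charge")
FLOWS = [LOGIN, QUERY, CHARGE, ("web_api", "web_api", "cache refresh")]

@dataclass
class Threat:
    flow: tuple
    description: str
    likelihood: int  # assumed scale: 1 (rare) to 5 (expected)
    impact: int      # assumed scale: 1 (minor) to 5 (severe)
    mitigations: list = field(default_factory=list)

    @property
    def risk(self):
        return self.likelihood * self.impact  # assumed weighting

# Steps 2 and 3, Identify and Mitigate: threats found and defences decided so far.
THREATS = [
    Threat(LOGIN, "credential stuffing", 4, 4, ["rate limiting", "MFA"]),
    Threat(LOGIN, "session token theft", 3, 5),
    Threat(QUERY, "SQL injection", 3, 5, ["parameterised queries"]),
    Threat(QUERY, "verbose errors leak schema", 2, 2),
]

def boundary_flows(zones, flows):
    """Flows whose endpoints sit in different trust zones."""
    return [f for f in flows if zones[f[0]] != zones[f[1]]]

def validate(zones, flows, threats):
    """Step 4: report boundary flows with no threat analysis and
    unmitigated threats, highest risk first."""
    analysed = {t.flow for t in threats}
    unanalysed = [f for f in boundary_flows(zones, flows) if f not in analysed]
    open_threats = sorted((t for t in threats if not t.mitigations),
                          key=lambda t: t.risk, reverse=True)
    return unanalysed, open_threats

if __name__ == "__main__":
    unanalysed, open_threats = validate(ZONES, FLOWS, THREATS)
    for src, dst, data in unanalysed:
        print(f"no threats recorded for {src} -> {dst} ({data})")
    for t in open_threats:
        print(f"risk {t.risk:>2}: {t.description} has no mitigation")
```

Kept in version control next to the design, a register like this can be re-validated whenever a component or data flow is added.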