Getting Started with Threat Modeling
Threat Modeling is a way to identify potential security issues to help you shape your application's security design. If you need to create a threat model, and you aren't sure how, here's some links to get you started. (Note that our patterns & practices threat modeling approach is adaptable for agile scenarios. In fact, our dominant set of customers we tested our approach with were using agile methodologies. I'll cover doing agile security another day. )
Getting Started
- At a Glance: Threat Modeling Web Applications
- How To: Create a Threat Model for a Web Application at Design Time
- Walkthrough: Creating a Threat Model for a Web Application
- Template: Web Application Threat Model
- Template Sample: Web Application Threat Model
- Cheat Sheet: Web Application Security Frame
Key Links
- Threat Modeling Web Applications (Landing Page)
- Alex walks through our Threat Modeling approach
- Security Engineering Explained
My Related Posts