Getting Started with Threat Modeling

Threat Modeling is a way to identify potential security issues to help you shape your application's security design.  If you need to create a threat model, and you aren't sure how, here's some links to get you started.  (Note that our patterns & practices threat modeling approach is adaptable for agile scenarios.  In fact, our dominant set of customers we tested our approach with were using agile methodologies.  I'll cover doing agile security another day. )

Getting Started

• At a Glance: Threat Modeling Web Applications
• How To: Create a Threat Model for a Web Application at Design Time
• Walkthrough: Creating a Threat Model for a Web Application
• Template: Web Application Threat Model
• Template Sample: Web Application Threat Model
• Cheat Sheet: Web Application Security Frame

Key Links

• Threat Modeling Web Applications (Landing Page)
• Alex walks through our Threat Modeling approach
• Security Engineering Explained

My Related Posts

• How Do I Explain Threat Modeling to Customers
• What Makes a Good Threat Model
• Threat Modeling Terms and How To Use Them
• High ROI Security Activities
• Security Approaches That Don't Work
• Security Engineering Explained
• Video: Proven Practices for Security Engineering