Threat Modeling

Network Access Control
December 11, 2013
Security Code Review
December 12, 2013

Threat modeling is a security control performed during the architecture and design phase of the SDLC to identify and reduce risk within application.

The threat modeling activity helps an organization to:

  1. Identify relevant threats to a particular application scenario
  2. Identify key vulnerabilities in the application design
  3. Improve the security design

A threat is a potential or actual undesirable event that may be malicious (such as DoS attack) or incidental (Information Disclosure). Threat modeling is a planned activity for identifying and assessing application threats and vulnerabilities.

Secure Design through Threat Modeling

“You cannot build secure systems until you understand your threats”

Our Approach

The five threat modeling steps that we follow are:


Threat Modeling Benefits

  1. Uncovers logical/architectural vulnerabilities
  2. Reduces risk and minimizes impact
  3. Validates design meets security requirements
  4. Reduces scope of code inspection
  5. Serves as a guide for verification testing
  6. Identifies expensive mistakes early on
  7. Improve understanding and structure of application
  8. Decreases new hire ramp up time


Executive and Technical Report which includes:

  1. Vulnerabilities and details with severity levels
  2. Remedies and technical details of the same
  3. Graphs and charts analyzing the security quotient of the application
  4. Analytical tips for taking care in further development