Threat modeling techniques
Threat modeling is the process of identifying, understanding, and addressing threats in a given system, application, or environment. It’s a key component of secure design and the SDLC. Here’s an overview of the primary threat modeling techniques:
Brainstorming:
- This is an informal technique where a group of stakeholders, ideally with diverse expertise, come together to discuss and identify potential threats to a system
- Strengths: Flexible; can produce creative and unexpected insights
- Limitations: As it is informal, it might miss certain threats or be biased based on the participants’ knowledge
Attack trees: