Useful Links
Computer Science
Cybersecurity
Threat Modeling
1. Introduction to Threat Modeling
2. The Threat Modeling Process Overview
3. System Decomposition and Modeling
4. Threat Identification and Enumeration
5. Threat Analysis and Risk Assessment
6. Validation and Verification
7. Integrating Threat Modeling into the Development Lifecycle
8. Domain-Specific Threat Modeling
9. Tooling and Automation
10. Scaling a Threat Modeling Program
The Threat Modeling Process Overview
The Four Key Questions
What are we working on?
System Identification
Asset Inventory
What can go wrong?
Threat Enumeration
Attack Scenarios
What are we going to do about it?
Mitigation Planning
Control Selection
Did we do a good job?
Validation Techniques
Metrics and Feedback
Common Process Models
Microsoft SDL Threat Modeling Process
Steps and Artifacts
Integration with SDL Phases
VAST Methodology
Visual Modeling
Agile Integration
Scalability Considerations
Previous
1. Introduction to Threat Modeling
Go to top
Next
3. System Decomposition and Modeling