Application Threat Modeling Program
There are three essential components in an effective application threat modeling program. The Application Threat Modeling Framework provides the structure for each threat modeling process. Each process focuses on a different aspect and approach to application threat modeling.
-
Threat Modeling Framework
Provides the foundation of the Threat Modeling program. The framework defines and serves as a central resource for:
- Threat modeling core concepts and terminology
- Kroll’s threat modeling approach and processes
- Internal threat modeling knowledge base
- Threat modeling training material
- Internal and external reference materials
- Tools, templates and guides
-
Abuse Case and Business Logic Threat Modeling Process
Focuses the threat modeling effort on identifying threats, weaknesses and vulnerabilities that are unique to the application and cannot be identified using automation. This process brings the required levels of depth in uncovering potential threats within complex business logic scenarios.
-
Common Weaknesses & Controls Threat Modeling Process
Focuses on identifying system weaknesses and the controls to prevent them with the help of automation. The common aspect of this process refers to the core components of systems and the issues that may arise from insecure implementations. The process leverages tooling to help automatically identify common and accepted guidance, good practices and design patterns early in the development lifecycle.
Analyzing threats involves time and effort. Kroll’s approach to defining and implementing application threat modeling programs makes it easy for teams to adopt, see results and implement improvements.
