Application threat modelling

Applications in general, and software development in a wider perspective, require software-based threat modelling: “a structured approach that enables you to identify, quantify, and address the security risks associated with an application”.


Simplified

These are some simplified and generalised notes on how to:

  • Identify resources that need protection (assets)

  • Document security assumptions

  • Identify attack surface and input and output attack vectors

  • Combine these vectors into attack trees (scenarios)
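
The four steps above, carried through for one constructed case (an added example, not part of the original notes): the asset, the assumptions, the vectors as leaves, and an AND/OR attack tree whose still-open scenarios are enumerated. The web shop, its vectors and the names `Node`, `scenarios` and `build_model` are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from itertools import product

@dataclass
class Node:
    """Attack-tree node: a leaf is one attack vector, AND/OR nodes combine children."""
    name: str
    kind: str = "LEAF"                 # "LEAF", "AND" or "OR"
    children: list = field(default_factory=list)
    mitigated: bool = False            # leaves only: a control blocks this vector

def scenarios(node):
    """Return every set of unmitigated vectors that reaches this node's goal."""
    if node.kind == "LEAF":
        return [] if node.mitigated else [frozenset([node.name])]
    child_sets = [scenarios(c) for c in node.children]
    if node.kind == "OR":              # any one child is enough
        return [s for sets in child_sets for s in sets]
    # AND: every child is needed, so combine one scenario from each child;
    # a child with no open scenario makes the product empty and closes the branch
    return [frozenset().union(*combo) for combo in product(*child_sets)]

def build_model():
    """Constructed sample model for a hypothetical web shop (all names invented)."""
    assets = ["customer database"]
    assumptions = ["TLS terminates at the load balancer",
                   "admin panel is reachable only from the office network"]
    tree = Node("read customer database", "OR", [
        Node("via application", "AND", [
            Node("unvalidated search input reaches SQL query"),
            Node("database account has read access to all tables"),
        ]),
        Node("via admin panel", "AND", [
            Node("admin panel exposed to internet", mitigated=True),  # rests on assumption 2
            Node("weak admin password"),
        ]),
    ])
    return assets, assumptions, tree

if __name__ == "__main__":
    assets, assumptions, tree = build_model()
    for s in scenarios(tree):
        print(f"open scenario against {assets[0]!r}: {sorted(s)}")
```

Clearing the `mitigated` flag on a leaf that rests on a documented assumption shows which scenarios reopen if that assumption stops holding.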