Application threat modelling

Applications in general, and in a wider perspective, software development requires Software-based threat modelling, “a structured approach that enables you to identify, quantify, and address the security risks associated with an application”.


These are some simplified and generalised notes on how to:

  • Identify resources that need protection (assets)

  • Document security assumptions

  • Identify attack surface and input and output attack vectors

  • Combine these vectors into attack trees (scenarios)