What is Threat Modelling?
Threat modelling is an approach for analysing the security of an application, which is a process by which potential threats can be identified, enumerated, and prioritized – all from a hypothetical attacker’s point of view. The purpose of threat modeling is to provide defenders with a systematic analysis of the probable attacker’s profile, the most likely attack vectors, and the assets most desired by an attacker. Threat modeling answers the questions, “Where are the high-value assets?”, “Where am I most vulnerable to attack?”, “What are the most relevant threats?”, “Is there an attack vector that might go unnoticed?”.
Conceptually, most people incorporate some form of threat modeling into their daily lives and don’t even realize it. Commuters use threat modeling to consider what might go wrong during the morning drive to work and to take preemptive action to avoid possible accidents. Children engage in threat modeling when determining the best path toward an intended goal while avoiding the playground bully. In a more formal sense, threat modeling has been used to prioritize military defensive preparations since antiquity.
Approach & Methodology
softScheck threat modelling will systematically identify and rate the threats that are most likely to affect your system. With threat modelling, softScheck is able to help you ensure that applications are being developed with security built-in from the very beginning.
Our threat modelling report will provide you with a greater understanding of the system. It allows you to have better visibility of where the entry points to the applications are and the associated threats with each entry points.