Threat Modelling is a technique that enables software professionals to be able to explore, identify, and manage potential risks and threats to software. It can be a useful start to building a security testing strategy.

In this video we will be exploring Threat Modelling.

Threat Modelling is an approach to analysing the security of an application.

As part of software development projects, threat modelling can assist with:

  • Identifying security threats to applications, through examining the architecture and infrastructure
  • Identify potential attacks that could be launched against the application, such as through application interfaces
  • Form the basis of security mitigation strategies and test approaches

This video will look at the infrastructure and components of applications in detail and consider potential threats in each of those areas, such as networking, servers, operating systems, databases and user interfaces.

With these components in mind, the video will then go on to examine the STRIDE model, which can be used to explore potential threats and attacks that could be launched against applications.