Threat Modeling

To be written

See also

• https://www.owasp.org/index.php/Threat_Risk_Modeling
• https://www.schneier.com/academic/archives/1999/12/attack_trees.html
• Improving Web Application Security: Threats and Countermeasures / Chapter 3 Threat Modeling

Work and data flows

• identify what assets the team owns
• identify what data is in them
• map the flow of data
• classify the data
• mitigate the highest risk first