Threat Modeling

Applications are always exposed to various security threats, and applications that process money-related data are attacked more frequently. An application development team needs to know about those threats and develop defensive measures accordingly. The challenge, however, is how to understand and analyze those threats comprehensively and systematically. An effective solution is to facilitate the analysis of security threats through threat modeling.

Threat modeling is a structured method that helps a development team clarify security threats from every aspect as comprehensively as possible, so that defensive measures can be formulated in time. It is worth noting that threat modeling should not be a one-off process but a persistent and repeated task. It should be adopted at the early stages of application design and performed throughout the entire software development lifecycle. There are two reasons for this: first, it is impossible to find all threats at once; second, business demands change and the application keeps evolving, so threat modeling should be performed in line with changes to the application.