Threat modeling is a proactive approach to application security, which allows the project owner to focus on the most important and cost-effective software security solutions.

 

This step, usually performed either on the initial steps of the Software Development Lifecycle (Inception, Design), or more holistically, in an organizational security overview, prioritizes the importance of assets and the risk of compromising those assets by both malicious attacks and unplanned events.

 

The process involves defining enterprise assets, identifying what each application does (or will do) with respect to these assets, creating a security profile for each application, identifying and prioritizing potential threats, and documenting adverse events and the actions taken in each case.