Introduction

Threat modeling is an effective technique to help secure your systems, applications, networks, and services. It helps you identify potential threats and risk reduction strategies earlier in the development lifecycle.

Threat modeling uses a data-flow diagram that graphically shows how the system works. It then applies a framework to help you find and fix security issues.

Systems released without first being threat modeled place your customers and organization at risk.

Note

To make things easier, this learning path refers to systems, applications, and services as just systems.

When to use threat modeling

Use threat modeling whenever you design new systems or update existing ones. Examples include:

  • Creating a new Azure micro-service that reports on your organization's cloud resource usage for budgeting purposes
  • Designing a public API to provide customers access to your data
  • Adding a new feature to an existing application

Who can threat model

Anyone with a working knowledge of the system and a basic understanding of security can work with threat modeling. This technique can be applied across any:

  • Software delivery approach, for example, Agile or Waterfall
  • Deployment cadence, such as hourly, monthly, or annually

Learning objectives

In this module, you explore the four high-level steps of threat modeling and will be able to:

  • Understand the importance of capturing requirements and assumptions to help create a data-flow diagram
  • Read about the framework that helps you find security issues in a system
  • Learn about the security-control categories that help you reduce or eliminate potential threats
  • Highlight the importance of verifying assumptions, requirements, and fixes before deployment

Prerequisites

  • None