<p>Threat modeling works by identifying the types of threat agents that cause harm to an application or computer system. It adopts the perspective of malicious hackers to see how much damage they could do. </p>
<p>When conducting threat modeling, organizations perform a thorough analysis of the software architecture, business context, and other artifacts (e.g., functional specifications, user documentation). This process enables a deeper understanding and discovery of important aspects of the system. Typically, organizations conduct threat modeling during the design stage (but it can occur at other stages) of a new application to help developers find vulnerabilities and become aware of the security implications of their design, code, and configuration decisions. Generally, developers perform threat modeling in four steps:</p>
<ul>
<li>Diagram. 
 What are we building?</li>
<li>Identify threats. 
 What could go wrong?</li>
<li>Mitigate.
 What are we doing to 
 defend against threats?</li>
<li>Validate. Have we acted on 
 each of the previous steps?</li>
</ul>



Threat modeling works by identifying the types of threat agents that cause harm to an application or computer system. It adopts the perspective of malicious hackers to see how much damage they could do. 

When conducting threat modeling, organizations perform a thorough analysis of the software architecture, business context, and other artifacts (e.g., functional specifications, user documentation). This process enables a deeper understanding and discovery of important aspects of the system. Typically, organizations conduct threat modeling during the design stage (but it can occur at other stages) of a new application to help developers find vulnerabilities and become aware of the security implications of their design, code, and configuration decisions. Generally, developers perform threat modeling in four steps:

* Diagram. 
   What are we building?
* Identify threats. 
   What could go wrong?
* Mitigate.
   What are we doing to 
   defend against threats?
* Validate. Have we acted on 
   each of the previous steps?



Threat Modelling