
Improving Security for Web Applications Through Threat Modeling
Threat modeling is an activity that helps you identify and mitigate threats. It is important because it makes you look at security risks top-down, focus on decision-making, prioritize cybersecurity decisions, and consider how to use your resources in the best possible way. There are many approaches to threat modeling, but all of them have the same goal: they are tools to help you figure out what can potentially harm your security posture and what you can do about it.
Threat modeling is a form of risk assessment that models aspects of the attack and defense sides of a particular logical entity, such as a piece of data, an application, a host, a system, or an environment. The fundamental principle underlying threat modeling is that there are always limited resources for security and it is necessary to determine how to use those limited resources effectively.
(NIST SP 800-154 publication)
How is threat modeling performed?
In general, threat modeling helps you think as potential attackers would. It makes you ask yourself questions such as: What do you have that is worth attacking? How can it be attacked? Where would the attacker start from? Threat modeling also uses visual aids that let you see threats more clearly and figure out attack vectors easily.