Threat Model? What is that?

Tanmay Deshpande
3 min read · Jan 25, 2018

In the world of the internet, security is becoming a big concern for all organisations. Data protection regulations like the EU General Data Protection Regulation (GDPR) are making programmers' lives even worse. In a way, it is good that such regulations are forcing organisations to take security seriously.

In this article I am going to talk about a security concept called the threat model, and how it can help you secure your applications and products.

What is Threat Model?

In simple words, it is an approach to analysing the security of an application: a structured way to identify, quantify and mitigate the security risks in an application.

How do I implement a threat model?

A threat model can be implemented in three simple steps:

  1. Draw a diagram of the various components in the application. This amounts to decomposing the application by drawing a Data Flow Diagram (DFD).
  2. Identify and rank the threats according to OWASP's STRIDE classification scheme.
  3. Determine and implement the risk mitigation. Once you understand the risk, you can turn to various online resources for how that risk can be reduced.
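As an added illustration of the three steps (example code written for this article, not the post's own): a constructed DFD of a browser, a web API and a user database (step 1), STRIDE threats enumerated per element and ranked by a constructed exposure x value score (step 2), each paired with the security property that mitigates it (step 3). The element-type-to-STRIDE mapping and the scoring are assumptions added here; the post does not prescribe them.

```python
from dataclasses import dataclass
from typing import Optional
# STRIDE categories, each paired with the security property that mitigates it.
STRIDE = {"S": ("Spoofing", "authentication"),
          "T": ("Tampering", "integrity protection"),
          "R": ("Repudiation", "audit logging / non-repudiation"),
          "I": ("Information disclosure", "confidentiality (encryption, access control)"),
          "D": ("Denial of service", "availability (rate limits, quotas)"),
          "E": ("Elevation of privilege", "authorization checks")}
# STRIDE letters that apply to each DFD element type: the widely used
# "STRIDE-per-element" table, an assumption added here rather than from the post.
APPLICABLE = {"external": "SR", "process": "STRIDE", "store": "TRID", "flow": "TID"}

@dataclass
class Element:
    """One DFD element (step 1). Ratings run 1 (low) to 3 (high) and are constructed."""
    name: str
    kind: str                        # external | process | store | flow
    zone: str                        # trust zone the element sits in
    value: int = 1                   # impact if this element is compromised
    exposure: int = 1                # how reachable it is for an attacker
    src: Optional["Element"] = None  # flows only: where the data comes from
    dst: Optional["Element"] = None  # flows only: where the data goes
    def crosses_boundary(self):
        return self.kind == "flow" and self.src.zone != self.dst.zone

def enumerate_threats(elements):
    """Step 2: list the applicable STRIDE threats per element and rank them by a
    constructed score (exposure x value); boundary-crossing flows count as fully exposed."""
    found = []
    for e in elements:
        exposure = 3 if e.crosses_boundary() else e.exposure
        for letter in APPLICABLE[e.kind]:
            threat, control = STRIDE[letter]
            found.append((exposure * e.value, e.name, threat, control))
    return sorted(found, key=lambda t: (-t[0], t[1], t[2]))

def sample_model():
    """Constructed DFD: a browser calling a web API that reads a user database."""
    browser = Element("Browser", "external", "internet", value=1, exposure=3)
    api = Element("Web API", "process", "dmz", value=2, exposure=3)
    db = Element("User DB", "store", "internal", value=3, exposure=1)
    req = Element("Browser -> Web API", "flow", "dmz", value=2, src=browser, dst=api)
    query = Element("Web API -> User DB", "flow", "internal", value=3, src=api, dst=db)
    return [browser, api, db, req, query]

if __name__ == "__main__":
    for score, name, threat, control in enumerate_threats(sample_model()):
        print(f"{score:>2}  {name:<20} {threat:<24} -> {control}")
```

The highest-ranked rows are the flows that cross a trust boundary, which is where a reviewer would start looking for mitigations (step 3).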

What is a Data Flow Diagram?
