Threat Modeling at a Glance
Over the last few years, significant progress has been made in back end SDLC security controls. Vendors have developed sophisticated analysis tools focusing on code inspection and application testing and organizations are incorporating both automated and manual assessment methods into the latter half of their development process. However, adoption of architectural risk analysis has not been as widespread.
Although threat modeling is not a new concept and approaches such as Microsoft's STRIDE are well known, companies have not internalized and adopted design related security controls with the same vigor.
Threat Modeling Presentation
The purpose of this presentation is to provide an understanding of what threat modeling is, why it is important, and champion its benefits.
Bake Security into the SDLC
Praetorian's threat modeling service helps identify over 75 percent of major security design flaws, reduces the scope of security code reviews to only those lines and components that matter, narrows and guides the focus of penetration tests, and minimizes the need for expensive code rewrites when problems are discovered.
During a two- to four-day onsite workshop, Praetorian will conduct the following core activities with your development team: identify security objectives, understand the application, decompose the application, evaluate the potential threats, discuss compensating security controls, and finally identify and prioritize vulnerabilities.