When you know the different attack vectors, you know the different defenses to employ.
Start the Process
Using threat modeling techniques, Aspect Security can help you capture critical information and create a prioritized plan for your assessment efforts. Threat Modeling begins with an effort to quickly understand the threat agents, architectural components, trust boundaries, critical business assets, and connections of your application and its environment. This helps prioritize the most important areas to focus on during the assessment.
The initial threat model is established during the kickoff call, and is based on available documentation and conversations with representatives from the business, security, architecture, and development teams. As the assessment proceeds, and as our team performs testing and code review, the threat model is updated and refined as needed.
The Aspect Security Advantage
Aspect informally develops a threat model for every application we review to assist with our assessment efforts. Aspect also provides formal application security threat modeling for its clients. We can develop threat models for your critical applications and teach your staff how to develop them. As part of any educational effort related to threat modeling, we provide standard templates and best practices for developing threat models based on common application security architectures, so you aren’t developing your threat models from scratch, providing immediate value and long-term practicality.