Threat Modeling

Web Application Development

Avotis’ web application threat modeling consists of five core elements of the Application Security Development Lifecycle (SDL). It’s an engineering technique you can use to help you identify threats, attacks, vulnerabilities, and countermeasures that could affect your application. You can use threat modeling to shape your application design to meet your company’s security objectives and reduce risk.

There are five major threat modeling steps:

  • Defining security requirements.
  • Creating an application diagram.
  • Identifying threats.
  • Mitigating threats.
  • Validating that threats have been mitigated.

Threat modeling should be part of your routine development life cycle, enabling you to progressively refine your threat model and further reduce risk.

STRIDE Modelling

Avotis uses the STRIDE model against each entry point to determine your security threats. STRIDE stands for:

  • Spoofing identity
  • Tampering with data
  • Repudiation
  • Information disclosure
  • Denial of service
  • Elevation of privilege

It helps you identify and classify the threats to your IT infrastructure or devices.
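The following added example, which is not Avotis’ own code, keeps a threat register with one row per entry point and STRIDE category and lists the rows that still lack a mitigation or a validation (steps 3 to 5 above). The entry points, mitigations and function names are assumptions made for the illustration.

```python
from dataclasses import dataclass

# STRIDE category -> security property the threat violates (standard pairing).
STRIDE = {
    "Spoofing identity": "authentication",
    "Tampering with data": "integrity",
    "Repudiation": "non-repudiation",
    "Information disclosure": "confidentiality",
    "Denial of service": "availability",
    "Elevation of privilege": "authorization",
}

@dataclass
class Threat:
    entry_point: str
    category: str
    mitigation: str = ""      # step 4: countermeasure chosen
    validated: bool = False   # step 5: countermeasure verified (test, review)
    not_applicable: str = ""  # written justification when a category is ruled out

def identify(entry_points):
    """Step 3: open one candidate threat per (entry point, STRIDE category)."""
    return {(ep, cat): Threat(ep, cat) for ep in entry_points for cat in STRIDE}

def open_items(register):
    """Threats that still block sign-off, with the reason each one is open."""
    result = []
    for (ep, cat), t in sorted(register.items()):
        if t.not_applicable:
            continue  # ruled out with a recorded justification
        if not t.mitigation:
            result.append((ep, cat, "unmitigated"))
        elif not t.validated:
            result.append((ep, cat, "unvalidated"))
    return result

def build_sample():
    # Constructed sample: two hypothetical entry points of a web application.
    reg = identify(["POST /login", "GET /reports/{id}"])
    t = reg[("POST /login", "Spoofing identity")]
    t.mitigation, t.validated = "MFA plus account lockout", True
    reg[("POST /login", "Denial of service")].mitigation = "per-IP rate limiting"
    reg[("GET /reports/{id}", "Repudiation")].not_applicable = "read-only, access-logged"
    return reg

if __name__ == "__main__":
    for ep, cat, why in open_items(build_sample()):
        print(f"{ep:20} {cat:24} {STRIDE[cat]:16} {why}")
```

Re-running the report after each design change keeps the register aligned with the application as it evolves.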

 

Fig 1. STRIDE Modelling

 

You can apply the STRIDE threat model to each entry point as shown: