Tanya Janca for Microsoft Azure

Pushing Left, Like a Boss - Part 6: Threat Modelling

This series, and my blog, have moved! Check it out!


The last security-related part of the Design Phase of the System Development Life Cycle (SDLC) is threat modelling, affectionately known as “evil brainstorming”.

Threat modelling happens during the design phase of the system development lifecycle.

The purpose of threat modelling is to discuss the possible threats to your system, then to do your best to mitigate them, and if not, to manage or accept the risks. There are multiple formalized methods for doing this, which I will not discuss here; each one already has its own book, advocate or dedicated blog, likely doing a better job of detailing it than I ever could. In fact, Microsoft (my employer) basically invented threat modelling, and you can read much more about it here.

That said, dear reader, I want you to understand why threat modelling is important, who needs to do it, as well as when and how you can start.

Read the rest on my NEW blog!!
