
Tanya Janca for Microsoft Azure


Pushing Left, Like a Boss - Part 6: Threat Modelling

This series, and my blog, have moved! Check it out!


The last security-related part of the Design Phase of the System Development Life Cycle (SDLC) is threat modelling, affectionately known as “evil brainstorming”.

Threat modelling happens during the design phase of the system development lifecycle.

The purpose of threat modelling is to discuss the possible threats to your system, then to do your best to mitigate them and, where you cannot, to manage or accept the risks. There are multiple formalized methods for doing this, which I will not discuss here; each one already has its own book, advocate or dedicated blog, likely doing a better job of detailing it than I ever could. In fact, Microsoft (my employer) basically invented threat modelling, and you can read much more about it here.

That said, dear reader, I want you to understand why threat modelling is important, who needs to do it, as well as when and how you can start.

Read the rest on my NEW blog!!
