Page 117 - Cyber Defense eMagazine September 2022
Threat Modeling: Bridging the Gap Between Developers
and Security Architects
By Stephen de Vries, Co-Founder and CEO of IriusRisk
The application security world is known for friction between security and development teams. However,
this tension can be eradicated through a development security strategy that brings developers and security
architects together: threat modeling.
Protection before it’s too late
Threat modeling is the act of conducting security analysis before a system is finalised, or even built, to
detect weaknesses and vulnerabilities in the design of the system and to plan for mitigating insecure
design. It’s looking left and right on the street before crossing, rather than checking for cars when you’re
in the middle of the road – looking for threats is better done sooner rather than later.
Traditionally, threat modeling can be done manually using a whiteboard, run as a workshop where
security experts show the product team which practices to avoid or embrace to enhance security. It can
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.