Threat modeling represents a plethora of different practices to analyze a system from a security perspective.
In the early days, threat modeling was much simpler and based on systems where threat vectors against the system were well-known. In such cases creating diagrams manually was easier — we had controlled access to the few systems that were available. But in today’s DevSecOps world, things look quite different.
In this whitepaper, we focus on threat modeling from a general perspective, without delving into a specific methodology. The considerations and recommendations collected here should therefore be applicable to most approaches.