Summary

Threat modeling allows engineers to graphically describe their system to others. It creates a common ground and enables more focused security conversations.

However, threat models can either get too complex or too high level, depending on the system you're building and the required context.

In this module, you learned to prioritize your issues and apply the right layer of security controls based on type and function.

In this module, you:

  • Learned the differences between the data-flow diagram depth layers.
  • Learned when to use each layer.

Note

Did You Know? In addition to the four layers, you can also create diagrams based on user roles to help identify authentication and authorization weaknesses. According to sources like OWASP, those mishaps are among the top security issues across organizations today, so applying threat modeling per applicable role can strengthen your overall system security and help protect your customers.

Check your knowledge

1. Which statement summarizes the importance of defining context depth layers earlier in the threat modeling stage?