Identify . Classify . Prioritize . Mitigate
Threat Modeling is a process that lets you identify all the possible threats to your web application and creates a plan for your mitigation strategy. Traditionally threat modeling has been complex, time consuming, resource intensive and costly exercise which requires a high degree of security expertise. ThreatModeler™ aims to change all of that by simplifying the process and automating the work to a greater degree. No longer, creating a threat model is the job of security experts. The major advantage of ThreatModeler™ over the traditional threat modeling process is its usability and little or no security knowledge required to create threat models. The entire process is more straightforward as compared to any other Threat Modeling tool. ThreatModeler™ allows users to capture the entire flow of the application, and define certain properties based on which it automatically generates threats and classifies them under various risk categories. ThreatModeler™ not only streamlines and automates the entire threat modeling process by reducing the manual work but it also incorporates abuse case modeling, to generate more targeted threats to individual functionality and associates mitigation steps along with it. Updating a threat model with ThreatModeler™ is a matter of minutes. ThreatModeler™ can be used by Architects, Developers, Security Professionals, QA professionals or senior executives.
How ThreatModeler works?
ThreatModeler™ allows users to capture the entire flow of the application, and define certain properties based on which it automatically generates threats and classifies them under various risk categories. It’s simple to use navigation wizard help users to enter the required information they will need to get started with their application and capture the application security profile of the application. ThreatModeler™ allows the user to decompose the application just like they do it on the drawing board but at the same time provide features that a drawing board can’t. User can define the communication channel (protocols) between different components; assign data elements and technical controls (like Form, URL, Cookie, Session, etc) to these components.
Once a user has completed the component diagram, ThreatModeler™ has an intelligent threat engine, which automatically identifies threats based on the information provided and automatically prioritizes the threats based on risk.
Contact sales@myappsecurity.com for more information or to schedule a demo.
Follow Us!