Security may not be a development team’s first priority and it is difficult for development teams to spend days conducting a traditional Threat Model. As a result, we developed Threat Model Express, which minimizes the process overhead and makes the Threat Model compatible with fast paced development processes like Agile and Scrum.
Threat Model Express is a powerful yet simple exercise that identifies the highest risk areas within an application and ties them to known attacks and countermeasures. In addition to evaluating the application’s architecture for technical threats, it also assesses the application from a business standpoint to identify how these threats impact the business. Threat Model Express details what happens if these threats are left untreated or if a threat does not have a countermeasure.