OWASP/Training/Threat Risk Modeling
|Threat Risk Modeling|
|Overview & Goal|
|When you start a web application design, it is essential to apply threat risk modeling; otherwise you will squander resources, time, and money on useless controls that fail to focus on the real risks.
The method used to assess risk is not nearly as important as actually performing a structured threat risk modeling. Microsoft notes that the single most important factor in their security improvement program was the corporate adoption of threat risk modeling.
|* OWASP Application Security Verification Standard Project (ASVS)|