A methodology that allows the user to systematically identify and rate the threats that are most likely to affect a system. The identification and rating of threats based on a solid understanding of the application architecture and implementation and enables addressing threats with appropriate countermeasures in a logical order, starting with the threats that present the greatest risk. Threat modeling is characterized by a structured approach that is more cost efficient and effective than applying security features in a haphazard manner without knowing precisely what threats each feature is supposed to address.
