Software-centric threat modelling

Software-based threat modelling is part of the Open Web Application Security Project (OWASP), where it is described as “a structured approach that enables you to identify, quantify, and address the security risks associated with an application.”

This approach involves the design of the system, which can be illustrated using software architecture diagrams such as data-flow diagrams (DFD), use case diagrams, or component diagrams.

This method is commonly used to analyse networks and systems and has been adopted as the de facto standard among manual approaches to threat modelling.