Application Threat Modeling document parts
An ATM document has multiple sections and can run between 40 and 70 pages. Understanding each section is crucial for a successful project. I told you previously to keep this document simple, but do not oversimplify it: you should not miss the important details of an ATM document.
So, here's the list of the most important sections that an ATM document should contain:
- Data Flow Diagram
- External dependencies
- Trust levels
- Entry points
- Assets
- Test strategies
- Security risks
Data Flow Diagram
I placed the Data Flow Diagram (DFD) at the beginning for a reason: it's my favorite section, and I use it as a reference in the ATM document. The DFD gives us a better understanding of the application by providing a visual representation of the different pieces of the web application. Its focus is on how data moves through the application, from the user until it reaches its final destination (for example, a database...
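To make the idea of following data from the user to its final destination concrete, here is an added example (not from the original text) that stores a small DFD as data, traces the route from the user to the database, and lists the flows that cross between trust levels. The element names, the flows and the numeric trust levels are assumptions constructed for a hypothetical web shop.

```python
from collections import deque

# Constructed sample DFD (hypothetical web shop, not from the original text).
# kind follows the usual DFD notation; trust is an assumed numeric trust level
# (0 = anonymous or outside our control, higher = more trusted).
ELEMENTS = {
    "user":        {"kind": "external entity", "trust": 0},
    "web_server":  {"kind": "process",         "trust": 1},
    "app_server":  {"kind": "process",         "trust": 1},
    "payment_api": {"kind": "external entity", "trust": 0},
    "database":    {"kind": "data store",      "trust": 2},
}

# Directed data flows: (source, destination, data carried).
FLOWS = [
    ("user", "web_server", "login form"),
    ("web_server", "app_server", "credentials"),
    ("app_server", "database", "SQL query"),
    ("app_server", "payment_api", "card token"),
    ("database", "app_server", "user record"),
]


def trace(source, destination):
    """Breadth-first search: shortest chain of flows from source to destination."""
    queue = deque([(source, [])])
    seen = {source}
    while queue:
        node, path = queue.popleft()
        if node == destination:
            return path
        for flow in FLOWS:
            if flow[0] == node and flow[1] not in seen:
                seen.add(flow[1])
                queue.append((flow[1], path + [flow]))
    return None  # no route: the data never reaches that element


def boundary_crossings(flows):
    """Flows whose two ends sit at different trust levels; each one needs review."""
    return [f for f in flows
            if ELEMENTS[f[0]]["trust"] != ELEMENTS[f[1]]["trust"]]


if __name__ == "__main__":
    for src, dst, data in trace("user", "database"):
        print(f"{src} ({ELEMENTS[src]['kind']}) -> {dst}: {data}")
    for src, dst, data in boundary_crossings(FLOWS):
        print(f"review: {data} crosses from {src} to {dst}")
```

Every flow that `boundary_crossings` returns is a place where the later sections of the ATM document (trust levels, entry points, security risks) have something to record.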