Go deeper with our comprehensive white papers
Featured: Process Flow Diagrams (PFDs) vs. Data Flow Diagrams (DFDs) in the Modern Threat Modeling Arena
Data flow diagrams (DFDs) have been the de facto approach to threat modeling in the Information Security profession. As IT development has moved towards rapid iterative modular development and deployment, the flaws that result from using DFDs have become painfully obvious. This white paper looks at some flaws and the advantages of moving to a more mature Process Flow Diagram (PFD) approach to threat modeling as a solution.
Some of the most valuable key points discussed are:
- Engineering security into the early phases of an ever increasingly fast SDLC (proactive) rather than finding flaws to fix at the end (reactive).
- Leveraging PFD-driven threat modeling, including in DevSecOps.
- Using the Visual, Agile, Simple Threat Modeling (VAST) approach.
- Overcoming False Positives, False Negatives and the False Sense of Security characteristic of DFD threat modeling.
ESG Report: Toward Threat Modeling As Code
ESG Report: DevSecOps Should Include Continuous Threat Modeling
451 Vanguard Report: Continuous, Cloud-Centric Threat Modeling Enables the Ultimate ‘Shift Everywhere’ Required by DevSecOps
DevSecOps Blueprint for Cybersecurity
5 Steps to Building a Threat Modeling Program for The Cloud
7 Steps for Building a Scalable Threat Modeling Process
Request a Live Demo
Automatically build threat models from code, with our proprietary, patent-pending feature