For more details on the keywords, look at this threat modeling appendix
Threat Modeling
a process of identifying the design flaws and security threats that could happen in the system that is being modelled against.
In Secure SDLC, threat modeling happens on the design phase of the lifecycle. Following points gives better understanding about this process:
- it is an iterative process of understanding the system and identify the threats
- engage with all the stakeholders of the system and brainstorm with possible threats
- identify the countermeasures that will reduce the risk exposure by mitigating threats that are identified