An architecture defines the build-up of your application. It defines infrastructure components as application components. Your application needs to be build according to the best practices like separation of components, fail-over and disaster recovery. 

You should ensure that your architecture is secure. Creating a threat model is the best way of getting an overview of your security. A threat model gives you an overview of the security risks, mitigations and the accepted risks. It will list the segregation of the application and infrastructure components.

 

The threat model contains four steps:

1.         Draw your architecture model

2.         Identify your trust boundaries

3.         Identify the theoretical and real security risks

4.         Describe mitigations for each security risk and register the accepted risks


  • No labels