View article

Risk assessment and threat modeling are conducted for different purpose. The integration of risk assessment and threat modeling process limit the risk of software-based system. Incorporating security in all phases of software development life cycle is a tedious task in many organizations. In design phase of SDLC, the 50 % software defects are identified and detected. Most of the security attacks are happen in application layer. This paper explains the combined use of risk assessment and threat model to understand the security risk of an application. We also discuss how the model may be identifying threats and how to frame threat prioritization for threat category. Finally, we recommend understanding of risk of detection and creating a fair environment to reduce the likelihood of committing criminal acts by attackers.