Threat Modeling
Threat Modeling is a critical step in any product's lifecycle. Fully understanding where your vulnerabilities exist and what steps you need to mitigate them is crucial for preventing a breach.
End-to-End Architecture
First, RedSquall works directly with you and your team to understand your product's end-to-end architecture. Our team will generate a product architecture and dataflow model using the information you provide. Once a complete picture is created, RedSquall reviews every aspect of your product for possible threats.
​
Standards
Standards like AWS CIS, OWASP Top 10, and ASVS are used to articulate threats as they relate to your product. Threats will include everything from client-side issues, such as an adversary reverse engineering your mobile application, to compromised root cloud account credentials.
Countermeasures
Next, RedSquall will develop countermeasures for each threat and document them in a detailed report. The threat model culminates in a delivered report and presentation.