ABSTRACT

Threat modeling and risk assessment, as a formal process, may or may not be something that your product team or company practices. Formalizing the process into any particular format is not a requirement for security testing to take place, but it adds considerable benefit to the entire effort. If you do not have a formal process, reviewing some of the formats will help you, as an individual tester, identify what you need to look at to improve your own security testing process.