Case Study: Threat Model Express and the Energy Sector

A case study involving a series of Threat Model Express sessions targeted at business logic threats of all Nodal Applications for an Energy ISO client.

Blog Post: Common Mobile Application Security Pitfalls

This article illustrates some of the common threats inherent to mobile applications.

Training: Threat Model Express

This course equips students with the knowledge and techniques required to facilitate a Threat Model Express session, which has lower process overhead than a traditional Threat Model and is more suitable for agile software development.

Description

Security Compass understands that security may not be a development team's first priority, and that it is difficult for development teams to spend days using a traditional Threat Model. As a result, we invented the Threat Model Express, which minimizes the process overhead and makes the Threat Model compatible with fast-paced development processes like Agile and Scrum.

In addition to evaluating the application's architecture for technical threats, the Threat Model Express also assesses the application from a business standpoint to identify how these threats impact the business. The Threat Model Express details what happens if these threats are left untreated or if a threat does not have a countermeasure.

Our Consulting Team brings together many years of experience in software development and architecture, allowing them to thoroughly understand all the various application frameworks. We instantly grasp how an application has been designed and can explain both the strengths and the common pitfalls behind implementing certain types of frameworks.

The Threat Model Express is the perfect first step in a security assessment. It can also be combined with any one or more of our other assessment services to create a more targeted security assessment.

Meet Our Experts

  • Krish Raja

    Security Consultant

    Our team understands the value of not only discovering vulnerabilities, but also clearly communicating their business risk to executives, reproducibility steps to testers, and remediation effort to developers. Our ability to convey a given vulnerability to different audiences in languages each can understand is a virtue on which our customers depend.

    Outside the office, Krish spends time researching the newest technologies and strategies as well as testing the latest equipment used to properly conduct assessments. Krish shares his wealth of knowledge in various ways such as authoring the Dissecting JSF Framework for Penetration Testing paper in August 2011, participating in conferences including the Source Seattle Conference in 2011 and, most recently, the OWASP AppSec DC Conference this past April 2012 where he presented a training segment on Practical Threat Modeling.

Overview

Threat Model Express is a powerful tool that identifies the highest risk areas within an application while tying them to known attacks and countermeasures.

Key Business Benefit

The ability to efficiently evaluate the application for vulnerabilities in the design phase directly leads to cost reduction through the prioritization of other application security testing activities.

Methodology

Security Compass' team of experts has years of experience in software architecture and application security. Our methodology is tried and tested to offer scalability to the busiest development teams.
